Building a national cybersecurity infrastructure is ‘virtually impossible’ without better federal collaboration

The federal government has established various departments and initiatives to promote cybersecurity among healthcare organizations, but experts say these efforts require more cross-agency collaboration in order to be effective. Most urgently, many cybersecurity experts are calling for the FDA to spend more time collaborating with other federal agencies on cybersecurity recommendations for medical devices.


Last year, cyberattacks compromised the health records of 45 million U.S. patients, according to Critical Insight. That number has jumped threefold in just three years, rising from 14 million patients in 2018. Just last week, FBI Director Christopher Wray revealed that the agency helped Boston Children’s Hospital thwart a 2021 attempted Iranian cyberattack he described as “one of the most despicable cyberattacks I’ve seen.”

The federal government has established various departments and initiatives to promote cybersecurity among healthcare organizations, as well as businesses spanning other sectors. But experts say these efforts require more cross-agency collaboration in order to be effective. That’s why lawmakers and cybersecurity experts are rallying around the recently introduced Strengthening Cybersecurity for Medical Devices Act, a bipartisan bill designed to ensure the Food and Drug Administration collaborates with other federal agencies to issue informed guidance on medical device cybersecurity.

The FDA has not issued cybersecurity guidance since 2018 despite medical devices being frequently targeted by hackers. The legislation introduced by Sens. Jacky Rosen, D-Nev., and Todd Young, R-Ind., would require the FDA to review and update medical device cybersecurity guidelines, as well as provide suggestions to protect devices from cyber threats. Currently, there are no requirements for how often the FDA needs to issue guidelines.

The bill is designed to ensure that federal cybersecurity guidance for medical devices is in line with the current healthcare cyberthreat landscape, which evolves at a rapid pace. It also requires the FDA to collaborate with DHS’ Cybersecurity and Infrastructure Security Agency to release binding guidelines on medical device cybersecurity at least every two years.

If the bill passes, the FDA would have to post regular public updates on medical devices’ cybersecurity vulnerabilities and how to access support. The bill would also require the Government Accountability Office to issue a comprehensive report on medical device cybersecurity vulnerabilities and how the federal government can improve its cross-agency collaboration to address these challenges.

In March, Sen. Rosen introduced a separate bipartisan bill with Sen. Bill Cassidy, R-La., aimed at bolstering HHS’ collaboration with CISA in light of Russian cyberthreats. The legislation is designed to promote a closer working relationship between the two entities so they can provide more informed guidance on how healthcare assets are being targeted by cyber criminals.

The government has historically employed a “fragmented approach” to cybersecurity, Lisa Plaggemier, executive director at the National Cybersecurity Alliance, said in an emailed statement. She said this fragmentation spans everything from the tools used by different departments to how cyberattack prevention measures are implemented to what cybersecurity developments are reported and when.

“Given how rapidly the cybersecurity landscape moves, it has become increasingly clear that if the government is not able to effectively collaborate and orchestrate a streamlined response, it will be virtually impossible to build the cybersecurity infrastructure we need,” she said.

Cyberthreats have always evolved rapidly, and rising geopolitical tensions mean cybersecurity defenses must be able to pivot even more quickly. Plaggemier pointed out that cyber criminals are willing to compromise virtually any space, so it’s essential that the federal government prioritize open lines of communication to deliver effective cyber defense strategies, as vulnerabilities in one area could affect seemingly unrelated ones.
