Government Inaction Adds Pressure on IoMT Device and Data Security
Check out all the Smart Security Summit on-demand sessions here.
It has now become a sad reality that US hospital systems and other healthcare delivery organizations must look only to their own leadership in IoT device and data security (IoMT), because the new legislation will do them no favors. With vulnerable IoMT devices being a particularly popular route for ransomware and malware, the government's relative inaction is concerning.
Health care safety legislation, watered downMany hospitals have championed the inclusion of medical device safety provisions in this year's appropriations bill to fund the U.S. Food and Drug Administration (FDA) and reauthorize medical device programs. FDA user fees.
In June, a version of the bill that would have imposed new legally binding security requirements on manufacturers of IoMT devices easily passed the House of Representatives. This bill would have - and should have - held manufacturers responsible for evaluating the cybersecurity of their Internet-connected devices before putting them on the market. They would also have had to provide a software bill of materials (SBOM) for more transparency and better information about the security of software components and device vulnerabilities.
However, these device safety provisions were removed from the version of the bill that passed in late September, as FDA funding was set to expire and disappointing compromises were made against the clock.
EventOn-Demand Smart Security Summit
Learn about the essential role of AI and ML in cybersecurity and industry-specific case studies. Watch the on-demand sessions today.
look here The PATCH lawHope is not lost for federal IoMT security requirements. Introduced in March, the Protecting and Transforming Cyber Health Care (PATCH) Act would impose similar requirements. Device manufacturers should demonstrate cybersecurity precautions to the FDA before going to market; provide transparent SBOMs; and provide timely device security updates throughout the lifecycle of their products.
In June, the PATCH Act was approved by the American Hospital Association, which represents nearly 5,000 healthcare organizations and millions of healthcare professionals.
While proponents of medical device safety rightly regard the FDA's watered-down appropriations bill as a frustrating missed opportunity, efforts such as the PATCH Act and others that strengthen safety at the from the manufacturer will certainly continue.
But attackers aren't patiently waiting for lawmakers to get their act together (whether it's PATCH or some other measure). They continue to launch daily attacks on IoMT devices plagued by vulnerabilities. With no government cavalry coming to the rescue, the industry must rely on its own to secure its internet-connected devices and systems as effectively as possible.
Healthcare safety faces a daunting challenge for the IoMT...
Check out all the Smart Security Summit on-demand sessions here.
It has now become a sad reality that US hospital systems and other healthcare delivery organizations must look only to their own leadership in IoT device and data security (IoMT), because the new legislation will do them no favors. With vulnerable IoMT devices being a particularly popular route for ransomware and malware, the government's relative inaction is concerning.
Health care safety legislation, watered downMany hospitals have championed the inclusion of medical device safety provisions in this year's appropriations bill to fund the U.S. Food and Drug Administration (FDA) and reauthorize medical device programs. FDA user fees.
In June, a version of the bill that would have imposed new legally binding security requirements on manufacturers of IoMT devices easily passed the House of Representatives. This bill would have - and should have - held manufacturers responsible for evaluating the cybersecurity of their Internet-connected devices before putting them on the market. They would also have had to provide a software bill of materials (SBOM) for more transparency and better information about the security of software components and device vulnerabilities.
However, these device safety provisions were removed from the version of the bill that passed in late September, as FDA funding was set to expire and disappointing compromises were made against the clock.
EventOn-Demand Smart Security Summit
Learn about the essential role of AI and ML in cybersecurity and industry-specific case studies. Watch the on-demand sessions today.
look here The PATCH lawHope is not lost for federal IoMT security requirements. Introduced in March, the Protecting and Transforming Cyber Health Care (PATCH) Act would impose similar requirements. Device manufacturers should demonstrate cybersecurity precautions to the FDA before going to market; provide transparent SBOMs; and provide timely device security updates throughout the lifecycle of their products.
In June, the PATCH Act was approved by the American Hospital Association, which represents nearly 5,000 healthcare organizations and millions of healthcare professionals.
While proponents of medical device safety rightly regard the FDA's watered-down appropriations bill as a frustrating missed opportunity, efforts such as the PATCH Act and others that strengthen safety at the from the manufacturer will certainly continue.
But attackers aren't patiently waiting for lawmakers to get their act together (whether it's PATCH or some other measure). They continue to launch daily attacks on IoMT devices plagued by vulnerabilities. With no government cavalry coming to the rescue, the industry must rely on its own to secure its internet-connected devices and systems as effectively as possible.
Healthcare safety faces a daunting challenge for the IoMT...What's Your Reaction?
![Three of ID's top PR executives quit ad firm Powerhouse [EXCLUSIVE]](https://variety.com/wp-content/uploads/2023/02/ID-PR-Logo.jpg?#){kind=logo}
