House Committee urges HHS to improve security on medical devices

In a letter written to HHS Acting Secretary Eric D. Hagan, House of Representatives Committee on Energy and Commerce Chairman Greg Walde, R-Oregon, urged the agency to develop a sector-wide plan of action in deploying a “bill of materials” (BOM) for healthcare technology.

Citing the large cyberattacks WannaCry and NotPetya, Walden stated that the lack of visibility in stakeholders knowing what software or hardware is in healthcare technologies is a risk to providing care. In response to these findings, Walden wrote about the Health Care Industry Cybersecurity Task Force’s recommendation of using BOMs to improve the security of medical technology.

“Having a 'bill of materials' is key to organizations to manage their assets because they must first understand what they have on their systems before determining whether these technologies are impacted by a given threat or vulnerability,” wrote the task force in its recommendation. “Moreover, this transparency enables health care providers to assess the risk of medical devices on their networks, confirm components are assessed against the same cybersecurity baseline requirements as the medical device and implement mitigation strategies when patches are not available.”

Walden concluded the letter by asking HHS to arrange efforts into creating a plan to deploy BOMS for healthcare technology as a first step toward improving cybersecurity.

“While the implementation and use of BOMs will not completely protect the health care sector from cyber threats, it is an important, common-sense step towards improving the cybersecurity of the sector overall,” Walden wrote.