The PATCH Act

A bill that aims to improve medical device and network security.

The PATCH Act

The PATCH Act is a bill that aims to improve device and network security.

A new Senate bill introduced this week (including legislation in the House) would require medical device developers to be more accountable for the cybersecurity of their products.

Sens. Tammy Baldwin, D-Wisconsin, and Dr. Bill Cassidy, R-Louisiana, have introduced the bipartisan Protecting and Transforming Cyber Health Care Act, which would establish a set of new criteria for device and network security.

It would establish cybersecurity requirements that:

  • Established cybersecurity requirements for companies seeking premarket authorization from the Food and Drug Administration.
  • Encourage developers and manufacturers to update devices and related systems across its purported lifecycle.
  • Create a Software Bill of Materials for devices that will be distributed to customers.
  • Require the creation of plans to monitor, identify, and remedy cybersecurity vulnerabilities once the product has been released.
  • To show a device's safety and effectiveness, request a Coordinated Vulnerability Disclosure.

The current bill and the bill that it amends from 1990 are linked below.

Documents to download

Print
Please login or register to post comments.