The PATCH Act is a bill that aims to improve device and network security.
A new Senate bill introduced this week, along with legislation in the House, would require medical device developers to be more accountable for the cybersecurity of their products.
Sens. Tammy Baldwin, D-Wisconsin, and Dr. Bill Cassidy, R-Louisiana, have introduced the bipartisan Protecting and Transforming Cyber Health Care Act, which would establish a set of new criteria for device and network security.
The bill would:
- Establish cybersecurity requirements for companies seeking premarket authorization from the Food and Drug Administration.
- Encourage developers and manufacturers to update devices and related systems across their purported lifecycle.
- Create a Software Bill of Materials for devices that will be distributed to customers.
- Require the creation of plans to monitor, identify, and remedy cybersecurity vulnerabilities once the product has been released.
- Request a Coordinated Vulnerability Disclosure to show a device's safety and effectiveness.
The current bill and the 1990 bill that it amends are linked below.