The Protecting Medical Devices from Cyber Attacks Act, also known as the PATCH Act (S.1690), is a proposed legislation aimed at improving the cybersecurity of medical devices in the United States (Congress, 2019). With the increasing number of connected medical devices, such as pacemakers, insulin pumps, and ventilators, there is a growing threat of cyber attacks which could compromise the safety and efficacy of the devices, potentially leading to serious injury or death (FDA, 2021).

The PATCH Act was introduced in the United States Congress in 2019 and has been referred to the Committee on Energy and Commerce (Congress, 2019). The act aims to address the growing threat of cyber attacks on medical devices by requiring the Food and Drug Administration (FDA) to establish cybersecurity standards for medical devices and to establish a process for addressing vulnerabilities in these devices (S.1690, 2019).

Under the PATCH Act, the FDA would be required to develop a framework for evaluating the cybersecurity of medical devices before they are approved for use (S.1690, 2019). This framework would include criteria for evaluating the device’s security features, the potential risks of a cyber attack, and the device’s potential impact on patient safety (S.1690, 2019). The FDA would also be required to establish a process for identifying and addressing vulnerabilities in medical devices that are already in use (S.1690, 2019).

The PATCH Act would also require manufacturers of medical devices to report any known vulnerabilities in their products to the FDA, as well as to take steps to address these vulnerabilities (S.1690, 2019). Manufacturers would also be required to provide cybersecurity training to their employees and to work with the FDA to develop best practices for cybersecurity in the medical device industry (S.1690, 2019).

In addition to these requirements, the PATCH Act would establish a grant program to fund research into the development of new cybersecurity technologies for medical devices (S.1690, 2019). This program would be administered by the National Institute of Standards and Technology (NIST) and would aim to support the development of innovative solutions to protect medical devices from cyber attacks (S.1690, 2019).

Overall, the PATCH Act is an important step towards improving the cybersecurity of medical devices in the United States (FDA, 2021). By establishing standards for the evaluation and protection of these devices, the PATCH Act would help ensure the safety and efficacy of medical devices for patients and healthcare providers (S.1690, 2019).

References: Congress. (2019). S.1690 – Protecting Medical Devices from Cyber Attacks Act of 2019. Retrieved from https://www.congress.gov/bill/116th-congress/senate-bill/1690

Food and Drug Administration. (2021). Medical Devices and the COVID-19 (Coronavirus) Pandemic. Retrieved from https://www.fda.gov/medical-devices/medical-devices-and-the-covid-19-coronavirus-pandemic/medical-devices-and-cybersecurity

S.1690 – Protecting Medical Devices from Cyber Attacks Act of 2019. (2019). Retrieved from https://www.congress.gov/bill/116th-congress/senate-bill/1690