New Proposed Bill Takes Aim at Medical Device Cybersecurity
October 10, 2017
The Internet of Medical Things Resilience Partnership Act, a new bill co-sponsored by Representatives Dave Trott and Susan Brooks, was recently introduced in the U.S. House of Representatives to address life-threatening cybersecurity vulnerabilities in medical devices.

“There are millions of medical devices susceptible to cyberattacks and often times, we are wearing these networked technologies or even have them embedded in our bodies,” Brooks said in a release. “Bad actors are not only looking to access sensitive information, but they are also trying to manipulate device functionality. This can lead to life-threatening cyberattacks on devices ranging from monitors and infusion pumps to ventilators and radiological technologies.”

The bill would bring together representatives from groups (such as the FDA), academia, and the medical device industry to collect and centralize cybersecurity guidelines and standards. The committee would essentially be tasked with identifying and determining solutions for the existing gaps in current protocols and creating a framework as a point of reference for Internet of Medical Things (IoMT) developers.

How Exponent Can Help

Exponent has performed security architecture analysis and design for complex electronic medical devices, as well as other consumer electronic and computer systems. Exponent’s consultants have broad knowledge and experience in computer and information security. We understand the technologies involved in networked medical devices and have experience with existing and developing FDA guidelines regarding cybersecurity, as well as existing cybersecurity standards such as the ISO 27k series, ISO 80001, ISO 14971, and the NIST SP-800 series.

Exponent consultants are founding members of the Secure Technology Alliance’s IoT Security Council, which has published guidance for best practices and implementation of IoT architectures using embedded security and privacy. We apply our knowledge of technology, standards, and risk analysis to appropriately mitigate vulnerabilities in networked medical devices.