Cathy McMorris Rodgers - Chair of the House Energy and Commerce Committee | Official U.S. House headshot
Cathy McMorris Rodgers - Chair of the House Energy and Commerce Committee | Official U.S. House headshot
Congressman Gary Palmer, representing Alabama's Sixth District, recently addressed concerns about cybersecurity vulnerabilities in legacy medical devices during a Subcommittee on Oversight & Investigations hearing. He underscored the challenges these devices pose due to aging technology.
Palmer explained that legacy medical devices often lack adequate protection against contemporary cybersecurity threats. He noted that although some devices are of older make, newer ones with outdated software can also be at risk. "There is a broad range of medical devices that can be vulnerable to cybersecurity threats," he said, citing patient monitors, infusion pumps, and imaging systems as examples.
Highlighting the integral role medical devices play in healthcare delivery, especially in the U.S. with its vast hospital network, Palmer pointed out the discrepancy between the lifespan of hardware and software. While hardware can last decades, software may become obsolete sooner, complicating efforts to patch or update systems against vulnerabilities.
Palmer also noted financial and logistical challenges in replacing such devices, putting smaller or under-resourced healthcare facilities at extra risk. He emphasized the health sector's vulnerability to cyberattacks, referencing the 2017 WannaCry ransomware attack that exposed weaknesses in unpatched systems.
He expressed concerns over patient safety and national security due to potential exploitation of device vulnerabilities. A recent alert by the Cybersecurity and Infrastructure Security Agency and FDA highlighted issues with a Chinese patient monitor capable of remote access and data extraction, raising fears of potential large-scale cyberattacks.
Palmer acknowledged progress made with the 2022 PATCH Act, which bolstered FDA’s oversight of medical device cybersecurity. However, he emphasized ongoing risks associated with pre-existing legacy devices. The hearing provided a platform for experts to discuss coordinated efforts to mitigate these cybersecurity threats. "I thank our witnesses for joining us today and sharing their expertise to guide the efforts in addressing these challenges," Palmer stated, recognizing their contributions.
Following his presentation, Palmer handed the discussion over to the Subcommittee's Ranking Member, Ms. Clarke, for her opening statement.
Alerts Sign-up