There is 1 version of this bill. View text

Click the check-box to add or remove the section, click the text link to scroll to that section.
Titles Actions Overview All Actions Cosponsors Committees Related Bills Subjects Latest Summary All Summaries

Titles (2)

Short Titles

Short Titles - Senate

Short Titles as Introduced

Medical Device Cybersecurity Act of 2017

Official Titles

Official Titles - Senate

Official Titles as Introduced

A bill to amend the Federal Food, Drug, and Cosmetic Act to provide cybersecurity protections for medical devices.


Actions Overview (1)

Date Actions Overview
07/27/2017Introduced in Senate

All Actions (1)

Date All Actions
07/27/2017Read twice and referred to the Committee on Health, Education, Labor, and Pensions.
Action By: Senate

Cosponsors (0)

No cosponsors.


Committees (1)

Committees, subcommittees and links to reports associated with this bill are listed here, as well as the nature and date of committee activity and Congressional report number.

Committee / Subcommittee Date Activity Related Documents
Senate Health, Education, Labor, and Pensions07/27/2017 Referred to

No related bill information was received for S.1656.


Subjects (1)


Latest Summary (1)

There is one summary for S.1656. View summaries

Shown Here:
Introduced in Senate (07/27/2017)

Medical Device Cybersecurity Act of 2017

This bill amends the Federal Food, Drug, and Cosmetic Act to require the Food and Drug Administration (FDA), in coordination with others, to create a cybersecurity report card for devices that have network or Internet connectivity, connect to an external drive or external media, or have any other cyber capability.

Report cards must contain specified information, including: (1) information pertaining to the essential elements described in the most recent version of the Manufacturer Disclosure Statement for Medical Device Security, (2) a cybersecurity risk assessment conducted by the manufacturer or third party, and (3) whether the device is capable of being accessed remotely.

A cyber device manufacturer must include a report card in any premarket notification or application for premarket approval. The FDA shall provide a copy of a device's report card if requested by a health care industry entity or an entity with a valid interest in the report card. 

The bill establishes procedures, including notifications to providers and patients, for manufacturers when cyber devices are remotely accessed or no longer going to be sold. Fixes and updates to cyber devices must be free of charge for specified time periods.

The bill expands the responsibilities of the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team to include investigating cybersecurity vulnerabilities of cyber devices that may cause harm to human life or the significant misuse of personal health information, and coordinating device-specific responses.