All Information (Except Text) for S.1656 - Medical Device Cybersecurity Act of 2017115th Congress (2017-2018)
|Sponsor:||Sen. Blumenthal, Richard [D-CT] (Introduced 07/27/2017)|
|Committees:||Senate - Health, Education, Labor, and Pensions|
|Latest Action:||Senate - 07/27/2017 Read twice and referred to the Committee on Health, Education, Labor, and Pensions. (All Actions)|
This bill has the status Introduced
Here are the steps for Status of Legislation:
There is 1 version of this bill. View text
Click the check-box to add or remove the section, click the text link to scroll to that section.
Titles Actions Overview All Actions Cosponsors Committees Related Bills Subjects Latest Summary All Summaries
Actions Overview (1)
|07/27/2017||Introduced in Senate|
07/27/2017 Introduced in Senate
All Actions (1)
|07/27/2017||Read twice and referred to the Committee on Health, Education, Labor, and Pensions.|
Action By: Senate
07/27/2017 Read twice and referred to the Committee on Health, Education, Labor, and Pensions.
|Committee / Subcommittee||Date||Activity||Related Documents|
|Senate Health, Education, Labor, and Pensions||07/27/2017||Referred to|
Subject — Policy Area:
One Policy Area term, which best describes an entire measure, is assigned to every public bill or resolution.
Latest Summary (1)
Introduced in Senate (07/27/2017)
Medical Device Cybersecurity Act of 2017
This bill amends the Federal Food, Drug, and Cosmetic Act to require the Food and Drug Administration (FDA), in coordination with others, to create a cybersecurity report card for devices that have network or Internet connectivity, connect to an external drive or external media, or have any other cyber capability.
Report cards must contain specified information, including: (1) information pertaining to the essential elements described in the most recent version of the Manufacturer Disclosure Statement for Medical Device Security, (2) a cybersecurity risk assessment conducted by the manufacturer or third party, and (3) whether the device is capable of being accessed remotely.
A cyber device manufacturer must include a report card in any premarket notification or application for premarket approval. The FDA shall provide a copy of a device's report card if requested by a health care industry entity or an entity with a valid interest in the report card.
The bill establishes procedures, including notifications to providers and patients, for manufacturers when cyber devices are remotely accessed or no longer going to be sold. Fixes and updates to cyber devices must be free of charge for specified time periods.
The bill expands the responsibilities of the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team to include investigating cybersecurity vulnerabilities of cyber devices that may cause harm to human life or the significant misuse of personal health information, and coordinating device-specific responses.