A member of the Senate Finance Committee and chair of the Senate cybersecurity caucus, Warner pointed to apparent gaps in oversight, expressed concern about the impact of cyberattacks on the health care sector, and said he wants to help develop strategies that strengthen information security.
Ransomeware and other cyberattacks have stunned the healthcare industry. The 2017 WannaCry attack affected hospitals in the U.S. and U.K., including medical devices made by Bayer, Siemens and others, according to the Health Information Trust Alliance. A 2017 report by internet security software company Trend Micro found that more than 100,000 medical devices and systems were exposed directly to the public internet. The U.S. Department of Homeland Security issued an alert in 2018 indicating that several GE Healthcare imaging devices were vulnerable to cyberattack.
Healthcare hacking incidents accounted for 44% of all tracked data breaches in 2018, the most of any type of breach, according to a report published in HIPAA Journal. FDA published an updated draft of its cybersecurity premarket guidance for medical device makers in October 2018.
Warner’s office sent the letters to medtech trade group AdvaMed, the Healthcare Information and Management Systems Society, the American Hospital Association, and several other organizations.
“I would like to work with you and other industry stakeholders to develop a short and long term strategy for reducing cybersecurity vulnerabilities in the health care sector,” Warner said in the letter. “It is my hope that with thoughtful and carefully considered feedback we can develop a national strategy that improves the safety, resilience, and security of our health care industry.”