Letter: AHA Writes to Senate in Support of The PATCH Act June 24, 2022

June 24, 2022

The Honorable Bill Cassidy, M.D.
United States Senate
520 Hart Senate Office Building
Washington, DC 20510

The Honorable Tammy Baldwin
United States Senate
709 Hart Senate Office Building
Washington, DC 20510

Dear Senators Cassidy and Baldwin:

On behalf of our nearly 5,000 member hospitals, health systems and other health care organizations, our clinician partners — including more than 270,000 affiliated physicians, 2 million nurses and other caregivers — and the 43,000 health care leaders who belong to our professional membership groups, the American Hospital Association (AHA) writes in support of the Protecting and Transforming Cyber Health Care (PATCH) Act (S.3983). AHA and its members are strongly committed to preparing for and preventing cyber-attacks

We are pleased to support this legislation to improve the security of medical devices, which can create cyber vulnerabilities and serious risks to the security and privacy of patient data along with vital medical technology used in care delivery. Cyber vulnerabilities in medical devices, often containing outdated legacy technology, have posed a significant cyber risk to hospitals. In 2017 the FBI reported that the North Korean WannaCry ransomware attack, which impacted hospitals around the globe, marked the first FBI observed cyberattack that affected medical device operability due to vulnerabilities present in those devices. Unfortunately, there have been scores of foreign-based ransomware attacks targeting U.S. hospitals since then, impacting medical device operability and risking patient safety.

Manufacturers should be accountable for developing products with appropriate security controls, as well as updating devices as cyber threats continue to evolve. We also encourage the inclusion of a provision to clarify that FDA approval of devices would not be jeopardized as manufacturers provide these updates. Great strides have been made by hospitals and health systems to defend provider networks, secure patient data, preserve health care delivery and, most importantly, protect patient safety

We appreciate your leadership on this critical issue and look forward to working together to ensure the security of medical devices.

Sincerely,

/s/

Stacey Hughes
Executive Vice President

Related Resources

Advancing Health Podcast
Public
Health care is currently seeing a dramatic increase in cyberattacks, including disruptive ransomware attacks that interrupt patient care and risk patient…
Advisory
Public
The FBI, jointly with the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of the Treasury, today issued a public cybersecurity…
AHA Center for Health Innovation Market Scan
Health care is under attack as never before from cybercriminals, and the stakes are rising for hospitals and patient safety. The latest potential threat: The…
Advancing Health Podcast
Public
Over the past few years every leader of health care organization in the country has had to acknowledge the threat of a cyberattack that has the potential to…
Advancing Health Podcast
Public
In this special Cybersecurity podcast we have the opportunity to talk to leaders of an AHA member hospital who was a victim of a major ransomware attack in the…
Letter/Comment
Public
AHA letter to Senators Jack Rosen and Bill Cassidy, M.D. voicing support of the Healthcare Cybersecurity Act (S.3904).