Skip to content

Senators Baldwin, Cassidy Introduce Bipartisan Bill to Secure Health Care Infrastructure and Protect Patients

WASHINGTON, D.C. – U.S. Senators Tammy Baldwin (D-WI) and Bill Cassidy, M.D. (R-LA) introduced the Protecting and Transforming Cyber Health Care (PATCH) Act, to help ensure that the U.S. health care system’s cyber infrastructure remains safe and secure for American patients. Over the course of the pandemic, there have been a number of ransomware attacks that have impacted medical devices and larger networks. These attacks affect patients, hospitals, and the medical device industry.

“In recent years, we’ve seen a significant increase in cyber-attacks that have exposed vulnerabilities in our health care infrastructure, impacting patients across Wisconsin and the country. We must take these lessons learned to better protect patients,” said Senator Baldwin. “I am excited to introduce the bipartisan PATCH Act to ensure that innovative medical technologies are better protected from cyber threats, and keep personal health information safe while also finding new ways to improve care.”

"New medical technologies have incredible potential to improve health and quality of life," said Dr. Cassidy. "If Americans cannot rely on their personal information being protected, this potential will never be met."

U.S. Representatives Michael C. Burgess, M.D. (R-TX) and Angie Craig (D-MN) introduced the companion legislation in the House of Representatives.

The PATCH Act would:

  • Implement critical cybersecurity requirements for manufacturers applying for premarket approval through the Food and Drug Administration (FDA).
  • Allow for the manufacturer to design, develop, and maintain processes and procedures to update and patch the device and related systems throughout the lifecycle of the device.
  • Establish a Software Bill of Materials for the device that will be provided to users.
  • Require the development of a plan to monitor, identify, and address post market cybersecurity vulnerabilities.
  • Request a Coordinated Vulnerability Disclosure to demonstrate safety and effectiveness of a device