House Energy and Commerce Committee Issues Request for Information Regarding Legacy Technologies in Healthcare

King & Spalding

On April 20, 2018, the House Energy and Commerce Committee posted a request for information regarding the cybersecurity risk posed by the use of legacy technologies in the healthcare sector (the RFI).  “Legacy” technology is the term used for older, including outdated, technology that is generally more insecure than more modern counterparts.  The Committee requests feedback regarding “legacy technology challenges, opportunities, considerations, and suggestions in the healthcare sector.”  The deadline for the submission of comments is May 31, 2018.  The comments will be made public.

The Committee’s RFI describes the gravity of the cybersecurity threat in the healthcare industry, as illustrated by the widespread “WannaCry” ransomware infection that affected healthcare providers in May 2017.  The Committee observes that reducing the cybersecurity threats in healthcare is complicated by the following: (i) medical technologies are more specialized than other IT products, so there are often few or no available alternatives; (ii) medical technologies are typically more costly than other IT products, and many hospitals operate on thin margins; and (iii) it is costly to find vulnerabilities in and continue support for legacy healthcare technologies.  Recognizing these challenges, the Committee requests additional input from diverse stakeholders regarding the challenges posed by legacy technologies and the opportunities that exist in addressing these challenges.

The RFI follows two hearings held last year by the House Energy and Commerce Subcommittee on Oversight and Investigations on the topic of cybersecurity in healthcare.  In the first hearing, held on April 4, 2017, titled “Cybersecurity in the Health Care Sector:  Strengthening Public-Private Partnerships,” the Subcommittee examined the need for greater leadership and improved coordination on cybersecurity issues in healthcare, with a particular focus on how the private and public sectors could work together moving forward.  In the second hearing, held on June 8, 2017, titled “Examining the Role of the Department of Health and Human Services in Health Care Cybersecurity,” the Subcommittee examined the role of the Department of Health and Human Services in cybersecurity efforts in healthcare.  For additional information regarding the June 8 hearing, please click here for the June 12, 2017 issue of Health Headlines.

The Committee’s RFI is here.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Written by:

King & Spalding

King & Spalding on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.