WASHINGTON, DC - Energy and Commerce Committee Chairman Greg Walden (R-OR) today sent a letter to the Department of Health and Human Services (HHS) requesting they convene a sector-wide effort to establish a plan of action for creating, deploying, and leveraging software bill of materials (SBOM) for health care technologies. The request follows a recent #SubOversight hearing examining HHS’ role in health care cybersecurity, and letters on outbreaks like NotPetya.
The Health Care Industry Cybersecurity Task Force’s recent report recommended SBOM as one solution to assist organizations in better protecting the technologies they rely upon. SBOM would exist for each piece of medical technology the organization has, and would detail the types of software and hardware each contains.
“The Task Force’s report, post-outbreak analyses of WannaCry and NotPetya, and Committee staff work on health care issues all demonstrate the risks presented by the continued prevalence of insecure and legacy components in health care technologies," wrote Chairman Walden. “This situation is untenable and elevates the need to explore the Task Force’s recommendation on the creation and deployment of BOMs. While the implementation and use of BOMs will not completely protect the health care sector from cyber threats, it is an important, common-sense step towards improving the cybersecurity of the sector overall."
Chairman Walden continued, “As such, I write today to request that the Department of Health and Human Services convene a sector-wide effort to develop a plan of action for creating, deploying, and leveraging BOMs for health care technologies. This will require an open and collaborative process to ensure that all interested stakeholders have an opportunity to contribute to this discussion in the interest of achieving the strongest and most effective solution."
