CHIME & AEHIS Leadership Support Medical Device Cybersecurity Act

ANN ARBOR, MI, Aug. 1, 2017 – On July 27, Senator Richard Blumenthal (D-CT) introduced the Medical Device Cybersecurity Act of 2017 (S.1656). The legislation would make the cybersecurity capabilities of medical devices more transparent to providers, clarifies expectations concerning security enhancements and maintenance of medical devices and establishes a cybersecurity emergency response team.

Below are statements by Liz Johnson, CHIME Board Chair and CIO of Acute Care Hospitals and Applied Clinical Informatics at Tenet Healthcare and Deborah Stevens, AEHIS Board Chair and Chief Security Officer at Tufts Health Plan on the introduction of the Medical Device Cybersecurity Act of 2017.

“CHIME members continue to identify cybersecurity as their top priority. The potential risks that networked medical devices pose to patients have been of great concern for our membership,” said CHIME Board Chair Liz Johnson. “We appreciate Senator Blumenthal’s leadership and interest in this complicated issue as providers try to ensure that patients get the benefits that medical devices offer without exposing them to potential safety risks. CHIME is pleased to endorse this legislation. We look forward to continuing a dialogue with members of Congress, the administration and industry partners on this critical issue.”

“The recent cyber attacks underscore the importance of this legislation. WannaCry and Petya shined a bright light on the vulnerabilities in the healthcare sector and more specifically with medical devices. On behalf of the AEHIS membership we applaud Senator Blumenthal for taking on this important issue,” said AEHIS Board Chair Deborah Stevens.

The Health Care Industry Cybersecurity Task Force Report delivered to Congress on June 2, 2017, highlighted the critical state of the healthcare industry’s cybersecurity posture. Among many other issues, the report offered a number of suggestions to improve medical device cybersecurity, some of which have been included in the Medical Device Cybersecurity Act of 2017.

The College of Healthcare Information Management Executives (CHIME) is an executive organization dedicated to serving chief information officers (CIOs) and other senior healthcare IT leaders. With over 2,400 CIO members and over 150 healthcare IT vendor partners and professional services firms, CHIME provides a highly interactive, trusted environment enabling senior professional and industry leaders to collaborate; exchange best practices; address professional development needs; and advocate the effective use of information management to improve the health and healthcare in the communities they serve. For more information, please visit

The Association for Executives in Healthcare Information Security (AEHIS) was launched in 2014 in order to provide an education and networking platform to healthcare’s senior IT security leaders. With more than 650 members, AEHIS is advancing the role of the CISO through education, collaboration and advocacy in support of secure health information for the protection of both healthcare organizations and consumers. For more Information, please visit 

Candace Stuart
Director of Communications and Public Relations, CHIME
[email protected]