Medical Device Cybersecurity


The risks of failure of computer network security and unauthorized disclosure of private information are well-established in healthcare. 2015 was a noteworthy year for large breaches in healthcare, with major hacks against payers and providers, including Anthem and UCLA. In early 2016, the threat of intrusion from ransomware came to the foreground, with Hollywood Presbyterian Hospital publicly disclosing a threat against them and paying a ransom, and many other providers announcing that they also routinely face such attacks (while not necessarily paying the ransom demanded). These ransomware demands threaten the ongoing business activities of the provider, but also patient care and reputation as well.
This paper will review the cyber security risks that medical devices may present and how current insurances may respond to bodily injury exposures. We will also examine the current regulatory oversight of medical device software and security and provide a framework to analyze which insurance policies might respond to the breach, the parties that might be implicated in the chain of responsibility and how those policies collectively respond to bodily injury arising out of the failure of security of a medical device. [More]


Insurance carrier claims cyber exclusion – not obligated to pay $4.1 million settlement


The article from Business Insurance is instructive as to the fluid legal nature behind cyber liability, data breach coverage and the need to have closely analyzed the policy form. An insurance carrier is asking a court of law to rule that they are not obligated to pay a $4.1 million dollar class-action settlement. The insured was Cottage Health System, based in Santa Barbara, California which had approximately 32,500 confidential medical records exposed to the internet. [More]


Buy up enhancements for regulatory audits and cyber


While you undoubtedly have some form of malpractice insurance already, it may be wise to reexamine and up your policy in a number of different areas, namely regulatory audits and cyber coverage. This is due to the fact that healthcare laws have gone through a sea change in recent years due to Obamacare, leaving certain healthcare providers vulnerable through the policies that they purchased before these laws were passed. Additions to this policy will cost the average physician around $1,500 to $1,700 per year, which is pennies on the dollar compared to the type of protection it provides and what it will cost you if you aren’t properly covered in these newly reformed areas. [More]


What can a medical practice learn from a data breach at Target?


I received two emails today from the Chase Bank fraud department stating that my credit card information may at risk due to Target’s data security breach. Not that I shop at Target all that much, but if I had been there even once between November 27 and December 15 my card information could be at risk. So much for being proactive and not waiting until the last minute to buy a few Christmas gifts. The good news is that there is nothing to show that my data has been compromised and they are sending me new cards; however, that also means that I have to change all of my auto-pay bills that are set up on that specific credit card… which is essentially every recurring bill that I have. [More]


Social Media and Healthcare Best Friends or Worst Enemies


Social media isn’t just a fad. Facebook is a $100 billion company with 1.1 billion users, LinkedIn has over 200 million users throughout 200 countries, Twitter has successfully filed its initial public offering, and Google is one of the most valuable and powerful companies on the planet. The social media revolution has affected every industry, yet it poses unique challenges for the healthcare sector. [More]


Management Services Organizations (MSOs) - Emerging Trends in Hospital/Physician Affiliations


The landscape of healthcare practice structures continues to evolve and create new incarnations of medical service delivery models. An example of this evolution is the adaptation of physician clinical practices beyond the individual practice setting into the integrated and collaborative world of hospital ownership, large provider group absorption and Accountable Care Organizations etc. This consolidation trend towards a more broader based, top-down organization has resulted in an often frustrating loss of physician independence and control over their clinical practice. Management Services Organizations have gained prominence an organizational structure which solves some of these concerns by allowing physicians to maintain an element of independence while remaining competitive with larger corporate or hospital based provider groups. [More]