Medical Device Cybersecurity


The risks of failure of computer network security and unauthorized disclosure of private information are well-established in healthcare. 2015 was a noteworthy year for large breaches in healthcare, with major hacks against payers and providers, including Anthem and UCLA. In early 2016, the threat of intrusion from ransomware came to the foreground, with Hollywood Presbyterian Hospital publicly disclosing a threat against them and paying a ransom, and many other providers announcing that they also routinely face such attacks (while not necessarily paying the ransom demanded). These ransomware demands threaten the ongoing business activities of the provider, but also patient care and reputation as well.
This paper will review the cyber security risks that medical devices may present and how current insurances may respond to bodily injury exposures. We will also examine the current regulatory oversight of medical device software and security and provide a framework to analyze which insurance policies might respond to the breach, the parties that might be implicated in the chain of responsibility and how those policies collectively respond to bodily injury arising out of the failure of security of a medical device. [More]


Increased Healthcare M&A Activity: Representation and Warranty Insurance Coverage


The business of managing and operating health care facilities has grown increasingly more complex since the enactment of the Patient Protection and Affordable Care Act (PPACA) in 2010 and the Health Information Technology for Economic and Clinical Heath Act (HITECH) in 2009. Each medical facility must conform to a variety of new rules and regulations that include, but are not limited to: the adoption of Electronic Health Records (EHR), and the preparation for the transition to the 10th revision for the International Classification for Diseases (ICD-10) by October 1, 2015. The result has been a dramatic increase in healthcare mergers and acquisitions, as practice and facility budgets are not prepared to absorb the associated costs and additional liabilities. [More]