From smart refrigerators to door locks you control with your phone, virtually every aspect of our lives has gone digital. Our healthcare is no exception. Medical devices such as insulin pumps and implantable cardiac pacemakers are going “online,” which means that, just like computers and their networks, these devices can be vulnerable to security breaches.
A computer virus disabling your computer or stealing your data is, of course, bad. But a computer virus disabling a device that keeps you alive is a terrifying concept. What can be done to preserve the integrity of medical devices while still taking advantage of the benefits networking can provide?
Global cyber-attacks in 2017 had a significant impact on infrastructure in all areas, including public health. Hospitals, pharmaceutical companies, and even airports were affected by cybercriminals who unleashed copies of ransomware, with demands of payment to restore access to computer networks and crucial files.
Suzanne B. Schwartz, FDA’s Associate Director for Science and Strategic Partnerships, says, “Because cybersecurity threats are a constant, manufacturers, hospitals, and other facilities must work to prevent them. There is a need to balance protecting patient safety and promoting the development of innovative technologies and improved device performance.”
Late last year, the House Energy and Commerce Committee asked the Department of Health and Human Services to begin drawing up plans to provide more transparency about the cybersecurity risks within medical devices. Providing more information about the software and hardware within medical devices is a basic step that can help organizations protect against known vulnerabilities.
The FDA has published guidances that contain recommendations for comprehensive management of medical device cybersecurity risks throughout the total product life cycle. This includes closely monitoring devices already on the market for cybersecurity issues. The FDA’s overall approach incentivizes industry to make changes to marketed and distributed medical devices to reduce risk.
Going forward, hopefully these practices will better protect both the patients and the providers. However, what can be done right now? In the healthcare industry, we are all obviously familiar with health insurance and malpractice insurance. But did you know you can also protect yourself with cyber liability insurance?
If a doctor’s office uses e-mail, has a website, a computer network, practice laptops, or stores private patient information on their systems, then they need cyber insurance. Cyber insurance was created as a result of the expansion of liabilities against companies for breach of private information, and insurance for digital assets. Medical cyber liability risks are growing so rapidly that many predict they are now greater than malpractice risk.
There is currently more emphasis on the enforcement of the complex laws directly and indirectly affecting data breaches by healthcare providers, so even if you believe you have insurance protection, it is wise to have your cyber liability exposure reviewed to evaluate whether you have adequate coverage. This assessment can best be accomplished with the assistance of an experienced insurance broker who has expertise in healthcare providers’ malpractice risk.
Emerald Coast Medical Association’s cyber security partners would be happy to put the experts at your defense in this ever-changing cyber environment. Click below to learn how you can get a no-obligation assessment of your current policy. The future is now. Be prepared!