Inside Counsel reports that the Food and Drug Administration’s recent Safety Alert regarding Hospira’s PCA3 and PCA5 Infusion Pump Systems stated, “Many medical devices contain configurable embedded computer systems that can be vulnerable to cybersecurity breaches. In addition, as medical devices are increasingly interconnected, via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of cybersecurity breaches, which could affect how a medical device company operates.”
Cyber Security Protocols- A written policy can ensure that threat information is routinely updated, that technical security controls such as firewalls, passwords, and authentication methods are in place, and that effective procedures are active to prevent unauthorized access to devices and systems, according to Inside Counsel. Implementing these policies can help reduce the risk of compromising another networked hospital or a third party with which data or information is shared.
Cybersecurity Breach Assessment- In the unfortunate event of a breach, ensure proper protocols are followed, including enacting a responsive and prompt action plan. This should also include strictly limiting user access to trusted people and devices and making sure confidential company information is managed and secured. After a breach occurs, experts recommend performing an extensive audit to discover which assets and information were breached.
Employee Training- Company procedures regarding cybersecurity should be clearly known, promoted, and followed. Some tips to consider: hosting an obligatory training and compliance course, announcing regular cyber policy updates company-wide, and tracking attendance to ensure participation.
Legal Evaluation- Liability for such invasive breaches should be reviewed by a lawyer to determine indemnity, provisions, policies, and vulnerabilities, and to analyze exposure gaps that need to be accommodated. Becoming familiar with these policies can help to minimize financial responsibility in the long run.
Design, Testing, and Manufacturing Risk Assessment- Analyze the risks involved with the product during the development stages to determine any potential cyber exposures. Experts recommend that the IT department work alongside legal counsel to ensure design hazards are caught proactively, before devices are put in healthcare facilities, as stated by Inside Counsel.
In our next post, we will discuss a few more implications of cyber liability as it relates to healthcare devices.
In addition to bringing you the latest news from the insurance industry, PL Risk provides Resources for Agents and Brokers nationwide. We’ve recently implemented Hiscox Now, which allows agents their own access to Hiscox and instant quoting. To learn more about our operations, contact us today at (855) 403-5982.