Healthcare Facilities Face Cyber Risks Due to Medical Devices Pt. 2
In our last post, we discussed some of the Ways in Which Cyber-Attacks Can be Reduced and Prevented. As these attacks are becoming more threatening to the majority of healthcare businesses, the last installment of prevention techniques will be divulged. These strategies, in addition to Healthcare Cyber Liability protection, can ensure company success.
Corrective Action Readiness Plan- Immediately following a breach, the healthcare facility should be prepared to respond both internally and externally. The end users should be made aware and advised on the proper steps to take. In addition, a retention and recovery strategy should be put into action and communication with those affected should be implemented to disclose how the breach is being managed.
Insurance Assessment- To recover from potential breaches, companies should examine their insurance coverage to discover their liabilities. What’s more, the company should be evaluated for additional exposures that may be present and analyzed by a professional risk assessment entity. Ensuing steps should be discussed with the insurance company in order to remedy the breach, as well.
Analyze Disclosure Duties to Healthcare Professionals and Networks- The FDA has recognized that medical device security is a shared responsibility between healthcare facilities, patients, providers, and manufacturers of the devices, according to Inside Counsel. As such, proper communication should be shared among all parties so that they all are contributing to its security maintenance. Proper training to those who use the equipment and maintaining records of use is also critical.
Legal Analysis of Miscellaneous Duties- Shareholders, stakeholders, and the public might be owed an explanation of a cyber-attack. As these breaches can be very invasive and severe, the Management Discussion and Analysis section of reports states that in house counsel should consider whether information concerning cybersecurity and cyber-incidents rises to the level of a Significant Risk Factor, or is a Known Event, Trend, or Uncertainty, as stated by Inside Counsel.
Reporting Plan to Government- The FDA must be notified if the functionality and performance of the device is compromised due to the breach. Further, if the facility’s network system is threatened, the FDA should be notified. These breaches should be reported to the Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT).
In addition to bringing you the latest news from the insurance industry, PL Risk provides Resources for Agents and Brokers nationwide. We’ve recently implemented Hiscox Now, which allows agents their own access to Hiscox and instant quoting. To learn more about our operations, contact us today at (855) 403-5982.