Medical Device Companies May Be Exposed to Cyber Liability Risks

Some Durable Medical Equipment (DME) manufacturers may now have to educate themselves to a new risk that can pose significant chance of loss if not properly prepared for.

An alert published on the government’s Industrial Control Systems Cyber Emergency Response Team website, cited research from Billy Rios and Terry McCorkle of the cyber security firm Cylance Inc., who said they have identified more than 300 pieces of medical equipment that are vulnerable to cyber attack. They include surgical and anesthesia devices, ventilators, drug infusion pumps, patient monitors and external defibrillators.

Reuters reports that because of the alarming new revelations,  the U.S. Food and Drug Administration on Thursday urged medical device makers and medical facilities to upgrade security protections to protect against potential cyber threats that could compromise the devices or patient privacy.

“Over the past year, we’ve become increasingly aware of cyber security vulnerabilities in incidents that have been reported to us,” William Maisel, deputy director for science at the FDA’s Center for Devices and Radiological Health, said in an interview. “Hundreds of medical devices have been affected, involving dozens of manufacturers,” Mr. Maisel said, adding that many were infected by malicious software, or malware.

These new exposures have opened up a new opportunity for risk consultants to have conversations with DME manufacturers. This time, in addition to your traditional product liability insurance, it may be prudent to discuss cyber-liability coverage since this type of peril may not be specifically covered.