Cyberattacks on healthcare entities, including assaults targeting medical devices, are prompting new legal questions, including whether malpractice or cyber insurance would cover a breach that resulted in an injury to a patient, says litigation attorney Patricia Carreiro.
And because of those evolving legal questions, healthcare entities need to do their homework, she says.
"You always want to pay attention to what the courts are doing, particularly since there's so little guidance that we've gotten already," says Carreiro, an attorney at the law firm Axinn, Veltrop & Harkrider, in an interview with Information Security Media Group. "But you don't have to wait until then. You can also be looking at the policies you have in place now and paying attention to where the gaps are."
Healthcare organizations should analyze both their cyber insurance and malpractice policies "because every cyber policy has different language, covers different things," she says. For example, many such policies don't cover personal injuries. Plus, it's not yet crystal clear whether most malpractice policies would cover an injury stemming from a cyberattack.
"You want to make sure when you're putting together your insurance coverages that you're looking at all your policies and seeing how they fit together," she says.
In the interview (see audio link below photo), Carreiro also discusses:
- How insurance brokers can help sort out specific issues in cyber insurance and malpractice coverage;
- The legal issues involving ransomware or other cyberattacks that impact data versus patient care;
- The evolving legal issues tied to cyberattacks involving medical devices.
Carreiro practices in Axinn, Veltrop & Harkrider's litigation group and has experience in a broad range of civil litigation, including commercial and insurance disputes. She has appeared before courts and administrative agencies and frequently publishes on cybersecurity issues.