The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer. All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information. This policy is subject to change at any time. The owner is not an attorney, and nothing posted on this site should be construed as legal advice. Litigation Support Tip of the Night does not provide confirmation that any e-discovery technique or conduct is compliant with legal, regulatory, contractual or ethical requirements.
Featured on the ACEDS blog.
Follow me on Twitter and see How-To Videos on my YouTube channel.
New tips for paralegals and litigation support profesionals are posted to this site each night. Click on the blog headings for better detail.
This past Sunday, The Wall Street Journal published an article discussing problems with the cyber security of medical devices. See, Evans, Melanie and Peter Loftus, "Rattled by Cyberattacks, Hospitals Push Device Makers to Improve Security", Wall Street Journal, May 12, 2019, available at https://www.wsj.com/articles/rattled-by-cyberattacks-hospitals-push-device-makers-to-improve-security-11557662400. The article referenced the results of a study by the Department of Health and Human Services, which shows there was a jump in data breaches in 2014. Before 2014, less than 1 million personal health records were breached each year. Since then at least 4 million records have been breached annually.
The problem is serious enough that surgeries were cancelled due to the WannaCry and NotPetya cyberattacks.
Hospitals often insist on having information about the proprietary software used to run medical devices. The FDA recommends that manufacturers disclose the software used in medical devices to the hospitals that purchase them, and contracts are requiring disclosure as well as the ability to run penetration attacks.