Is failure to be cybersecure medical malpractice?

Failure to provide adequate cyber security in a healthcare facility can be medical malpractice. Last year, healthcare became the most frequently hacked industry in the US. According to a recent ECRI analysis, 90% of healthcare providers suffered security breaches in the past. With attackers spending an average of 200 days in a network it is estimated that 1 in 3 Americans will have his or her health records compromised by hackers in 2016. Every patient breached record costs an average of $363. Cyber attacks cost the healthcare industry yearly an average $6 billion. Last year hackers stole $88.4 million by hacking health records.

Quest Diagnostic, a medical laboratory based in New Jersey but handling tests for many New York City Healthcare facilities just announced that it was hacked. 34’000 patients had their data exposed according to the New York Times.

Health records are the main targets of cyber attacks but medial devices are also being hijacked putting patients at risk of dangerous health incidents. To make sure patients are safe and to avoid negligence lawsuits the healthcare industry has to fight back. Equipment needs to be proprely managed and security patches need to be timely implemented. Network security needs to be reviewed on a regular basis. Vulnerable medical devices must be identified. When reusing an electronic medical device on a new patient, the medical staff must make sure that all previous data are erased.  Requests for Proposals to manufacturers or consultants must be exchanged in a cyber safe manner. New devices or patches that are added to the network must be tested before being released.