We’re Taking You to Court!

This week’s Hacking Healthcare:
TLP White

Hot Links –

1. Going to Court – CareFirst has been involved in a series of lawsuits related to data breaches that it disclosed in 2014 and 2015. On November 1, CareFirst filed a petition with the Supreme Court. If the Supreme Court hears the case, it will set precedent for corporate liability resulting from data breaches.

In question is how the court defines harm to individuals whose data has been exposed through a data breach. In August, an appeals court determined that plaintiffs only had to demonstrate “substantial risk” of injury through the improper disclosure of private information. By December 1, the Supreme Court will decide to hear the case.

2. The medical device Lifecycle – Suzanne Schwartz, FDA Associate Director for Science and Strategic Partnerships, has been on a media offensive in the last few weeks. First, here’s a blog that she put out at the end of October, emphasizing the need for manufacturers to consider the security of a device along its full lifecycle. She followed this up with a recent appearance on the Healthcare Info Security podcast this week. She discusses last year’s Postmarket Cybersecurity Guidance, in particular highlighting the policy shift that enables manufacturers to issue security patches without seeking re-certification from the FDA.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC.

Read full blog below: