Can software kill you?

This question might not have been taken seriously several years ago. But today, a hack can produce more than just a financial loss—it can become a life-threatening situation. This is because lifesaving or life-assisting devices such as pacemakers and insulin pumps are increasingly connected, making medical devices more vulnerable to cyberattacks than ever before. 

In fact, according to the ECRI Institute, the possibility of hackers exploiting remote access to systems and disrupting healthcare operations is one of 2019’s top 10 health technology hazards.1 While remote access is intended to enhance medical care, this technology can allow attackers to take advantage of vulnerable systems to steal data, install malware or interfere with the operations of systems or devices.


Not just a hack

Physicians and computer scientists at the University of California, San Diego demonstrated the effects of such an attack at the Black Hat 2018 conference.2  Researchers changed the results of a normal blood test to show that a patient was suffering from diabetic ketoacidosis. Seeing this, a physician might remote into the patient’s insulin pump to adjust the settings. This could lead to an adverse reaction by the patient, potentially inducing a coma or worse.  

The Food and Drug Administration (FDA) has taken steps to ensure that medical device manufacturers make cybersecurity a part of their product development. Despite these regulations, the Department of Health and Human Services released a report recommending the FDA scrutinize medical device cybersecurity more closely, as they found that there were weaknesses in the FDA’s existing policies and procedures.3


One lifeline: an independent agent

“Agents serving the life sciences industry need a partner carrier that offers underwriting, claims and risk management experts who can assist in developing customized solutions for these risks and more,” according to Toby Levy, Vice President, Technology and Life Sciences at The Hanover.

Hanover Fusion helps agents solve for the challenges their life sciences organizations face, responding with coverages that are flexible and built to evolve with this dynamic market.


In addition to providing traditional product liability coverage, Hanover Fusion can be tailored to include coverage for errors and omissions, information security, privacy and personal injury.  

No business is immune to cyber risk, but for those with connected medical devices and records, the stakes are even higher. The Hanover is ready to help mitigate these risks. Learn more about Hanover Fusion, a multi-coverage solution for life sciences companies.


1 ECRI Institute 2019 Top 10 Health Technology Hazards Executive Brief
2 Medical Design & Outsourcing
3 Department of Health and Human Services Office of Inspector General