American state-level lawmakers are working to reduce liability for healthcare organisations amidst a rise in cyberattacks and data breaches. These moves, which aim to reduce the prevalence of class-action lawsuits in cases of breaches, are controversial. Advocates argue they protect providers unfairly targeted despite cautionary measures, enable further investment in cybersecurity, and believe state-level legislation allows for nuanced approaches. Critics, however, suggest they reduce incentives for data protection and prioritise minimising payouts over security improvement.
Dispersed responsibility, lack of asset inventory is causing gaps in medical device cybersecurity
Witnesses at a House hearing on medical device cybersecurity highlighted the need for better tracking of devices and their vulnerability to cyber threats. They noted
