Healthcare organizations need to consider a number of legal issues when it comes to cybersecurity incidents involving medical devices, says attorney Thomas Barnard of the law firm Baker Donelson.”There are a couple layers that we need to be concerned about,” Barnard says in an interview with Information Security Media Group. “You have individual liabilities for individuals, and you have individual liabilities for organizations.”For consumers and patients, personally identifiable information is at risk if these devices are breached and stolen information is used to commit identity fraud.”If I’m a consumer of health services, my personal and private health information is stored on these devices. It’s in many forms. So, one of the liabilities is that the information could be used to steal my identity and create liabilities for me, or potentially blackmail me,” he says.And the organizations that use these devices, “have a duty to protect this health information from foreseeable risks,” he adds.

Source: Click here