Technology Errors and Omission Risk—Despite a wearable device maker’s effort to market a reliable product that people can
use to enhance their quality of life, things can go very wrong. In
addition to bodily injury, a company can be held liable for an economic loss from the failure of a device to work as intended due to
an error, omission, or negligent act. Wearable device failures can
impact business continuity, reputation, and other factors. Companies that understand the unique nature of this risk category
can better protect themselves from liability claims.
Fenske: What types of safeguards might a medical wearables
manufacturer examine as a means of potentially avoiding hav-
ing their device hacked and their data accessed?
Nichols: At Travelers, we’ve certainly considered the potential of
a wearable device being hacked, or the health data that’s automatically uploaded to a cloud data store being hacked. It’s important to
note that any wearables manufacturer can protect itself by designing
simple, yet effect, security features into its devices. This can include:
Bluetooth encryption—Bluetooth offers an encryption API when
exchanging data between a device and its target data store, but not
all companies take advantage of it because it decreases battery life.
Encrypt critical data elements—The most critical pieces of data
transferred between wearable devices and data stores are user
IDs, passwords, and PIN numbers. Avoid transferring these data
elements in plain text, with no encryption at all.
Secure the cloud—Data is often transmitted from a wearable
device to a smartphone and then to a cloud data store. Virtualized
clouds can secure data with multiple diverse operating systems,
each operating within a different security context. Banks often
secure depositor payment details this way; wearables companies
should consider similar functionality.
Fenske: How likely is it that a more complex medical device such
as an insulin pump or an implantable device like a pacemaker, be
hacked and/or reprogrammed?
Nichols: At this point, the FDA [U.S. Food and Drug Admin-istration] is not aware of any patient injuries associated with cybersecurity incidents, nor is it aware of hackers purposely targeting any specific medical devices or systems in clinical use.
Device makers, however, should assess the likely frequency
and severity of all identified potential hazards, and by not incorporating cybersecurity in wearable technology at the outset
of design and production, they risk facing product liability and
other claims if a complex device were ever hacked.
The FDA’s recommendations for medical device manufactur-
ers and healthcare facilities to mitigate and manage cybersecurity
Remain vigilant about identifying risks and hazards associat-
ed with their medical devices, including risks related to cyberse-
curity, and put appropriate mitigations in place to address patient
safety risks and ensure proper device performance.
Hospitals and healthcare facilities should evaluate their network security and protect their hospital systems.
Fenske: What other issues or concerns do you see as primary
considerations for medical device manufacturers with respect
Nichols: It’s important for medical device manufacturers to
recognize that wearable technology creates risks beyond their
immediate business operations; it also creates risks for those
companies involved in other aspects of the supply chain process.
Among those at risk from wearable technology include:
Technology companies directly involved in the development,
manufacturing, and distribution of wearable devices. For example,
medical technology firms that handle personal health information
collected from wearable cardiac monitoring devices could incur
significant liability and expenses if they fail to appropriately safe-
guard such data. Likewise, firms that make holographic devices
could be at risk if their products are blamed for highway accidents
due to their customers using their products behind the wheel.
Technology companies acting as vendors or suppliers to wearable technology companies. For example, a software company
supplying GPS software incorporated into a wearable security
device could be held responsible if a user’s location history data is
stolen. An electronics manufacturer supplying a component part
for a hinge within a wearable prosthetic leg could be blamed if
the device fails, resulting in a severe patient injury.
Fenske: Where are we headed with wearable medical devices
in five to 10 years?
Nichols: Wearable technology and the Internet of Things are
poised to redefine mobility in the coming years. SNS Research
estimates that wearable device shipments will account for nearly
$30 billion in revenue in 2016, and grow at a compound annual
growth rate of 30 percent over the next five years. Swiss research
firm Soreon expects the wearables market to top $40 billion by
2020 in the healthcare market alone.
Perhaps some of the biggest quality-of-life improvements will
come in the healthcare space, in which wearable technology holds
the promise of detection, prevention, and treatment of chronic disease, as well as the ability to reduce healthcare costs. As wearable
technology continues to advance in the years to come, these devices have the potential to revolutionize many aspects of the medical
and healthcare space. Even today, individuals are already benefiting from medical devices that are currently on the market, such as:
For diabetics, the Medtronic Continuous Glucose Monitoring
System measures blood sugar levels through electronic sensors
placed slightly under the skin. A wireless transmitter attached to the
patient’s belt processes the data and transmits it to cloud data stores
for later analysis. It even decreases fingerstick requirements to only
two per day. An optional insulin pump delivers insulin as needed.
Cardiac patients can benefit from wearable heart monitors.
The ZIO Wireless Patch detects irregularities in cardiac rhythm,
and is far less bulky to wear than the legacy Holter monitor. For
more severe cardiac cases, the ZOLL LifeVest Wearable Defibrillator can detect life-threatening abnormal heart rhythms and deliver a treatment shock to restore healthy cardiac rhythm. v