FDA Medical Device Guidance
The Food and Drug Administration has released “long-awaited” guidelines on the cyber security of medical devices.
Obviously, this is a concern for health and life insurers, but it is also relevant to other areas of coverage, such as automobile or any insurance that pays medical claims.
“There is no such thing as a threat-proof medical device,” said Suzanne Schwartz, director of emergency preparedness at the FDA’s Center for Devices and Radiological Health, in an article in “USA Today” on the release of the guidelines.
“…many device manufacturers and software vendors only learn of vulnerabilities in their products after said products have been hacked.”
“It is important for medical device manufacturers to remain vigilant about cyber-security and to appropriately protect patients from those risks.”
Important indeed. One would think that such statements would be followed by some specific safety requirements, or at least by substantive recommendations.
Instead, the article noted, “The agency is recommending that manufacturers consider cyber security risks as they design and develop medical devices.”
And which particular risks might those be? It seems there is again no specificity.
Once having “considered” those risks, however, the FDA says companies should give the FDA information about the potential risks they found, as well as what controls they put in place to mitigate them.
While this is a nice idea, it ignores certain realities in the world of technology development in general and cyber security in particular.
First, many device manufacturers and software vendors only learn of vulnerabilities in their products after said products have been hacked.
Yes, it would be fair to say that manufacturers and vendors should do a better job of testing in order to ferret out potential problems, but it is also fair to say that the number of ways to crack a product’s code are many and that not all of those ways are likely to be anticipated.
And at some point in the product development process, the testing phase must come to an end — unless the vendor is oblivious to the possibilities for profitably marketing a given product.
“Many devices are poorly secured and do not require a lot to hack. If there is sufficient incentive to do so, it will happen, causing harm to patients,” said Shel Sharma, director of product marketing for Cyphort, a threat-detection company, in the published piece.
But why would anyone want to hack into a medical device, implanted or otherwise? One obvious reason might indeed be to do harm to that individual. If an implant suddenly overheats and loses functionality, who is to say it wasn’t an accident, as opposed to attempted murder?
More ominous, however, is the idea that devices of various kinds must, by design, interface with broader medical systems that contain much more data — including confidential data on health and things like Social Security numbers. It might also be that a compromised device would provide a gateway to an entire enterprise, allowing for mischief and significant data loss, and the liability that would accompany same.
And liability is precisely the point for insurers of nearly any stripe. Of course, this whole risk scenario may represent a new area of insurance coverage to be marketed by our carriers.
Even in that case, however, insurers hardly want device makers to make things easy for criminals, because the carriers must then pay the claims. The FDA held a national workshop on medical devices and cyber security in October. Let’s hope the risks and the solutions that emerge from that gathering are more clearly defined.
Court Upholds Reservation of Rights
Wellons Inc. created two thermal oxidation energy systems in 2002 for Langboard Industries in Quitman, Ga., that were designed to generate electricity to be sold to Georgia Power.
During the construction phase in 2004, a “tube bundle” collapsed, causing extensive property damage, but the system was ultimately placed in service by June 2005, at which time leaks were discovered in the “superheater” portion of the system, according to court documents.
To fix the leaks and seal weld the joints, Wellons hired Hunt Construction, which completed the work in March 2006. The superheater was put back into service even though leaks still occurred. Two weeks later, one of the superheater tubes “completely severed.” Wellons claimed Hunt’s faulty repair work was responsible.
Langboard requested a new superheater, at a cost of $850,000, to be designed and installed as the current system was “not conducive to long term operation.” Wellons agreed, but did not immediately notify Lexington Insurance Co., which had issued a commercial general liability policy, with a per occurrence limit of $1 million. Lexington also had issued an umbrella policy, with a per occurrence limit of liability of $10 million.
Two months later, Hunt filed suit against Wellons for monies owed for its work. Lexington was notified through its agent, referencing the CGL policy and not the umbrella policy. Lexington issued a reservation of rights letter, notifying the company it was “investigating this matter.”
Langboard eventually filed suit against Wellons in 2007. Lexington sent another, similar reservation of rights letter.
After a jury trial in 2010, Langboard was awarded $8.4 million for breach of the purchase and construction agreements. A month later, Lexington advised Wellons it had “no obligation” to defend or indemnify it.
Wellons filed suit seeking a court declaration that the verdict was a covered loss under its CGL or umbrella policy. Both it and Lexington sought summary judgments.
The U.S. District Court for the Northern District of Georgia ruled in Lexington’s favor. On appeal to the U.S. 11th Circuit Court of Appeals, Wellons argued the reservation of rights notification needed to be more specific to comply with Georgia law.
The appeals court disagreed in May, saying that Lexington’s “defenses of noncoverage were not known … until it concluded its investigation… .” The court also found that Wellons had never notified the company of a claim under the umbrella policy.
Scorecard: Lexington Insurance did not have to cover an $8 million jury verdict resulting from faulty construction of an energy system.
Takeaway: Insurers “must” give insureds notification of a reservation of rights, but Georgia law only recommends that specific policy terms be part of that notification.
Imitation is Not Disparagement
In 2010, Gary-Michael Dahl, manufacturer of the Multi-Cart, filed a lawsuit against Ultimate Support Systems claiming that Ultimate’s Ulti-Cart infringed on Dahl’s patent and trademark, and damaged its business and reputation, among other issues.
Both the Multi-Cart and Ulti-Cart are collapsible carts designed for the musical industry to transport music, sound and video equipment.
Ultimate sought defense under its commercial liability policy issued by Hartford Casualty Insurance Co., which denied coverage, claiming that “disparagement” was not covered by the personal and advertising injury policy terms.
The insurance company also said the policy did not cover violations of intellectual property rights.
After Ultimate sued for coverage, the California Superior Court dismissed the lawsuit. That decision was affirmed by the Court of Appeal, and on further appeal to the California Supreme Court, Ultimate lost once again.
The state’s high court ruled in June there was no disparagement, either explicit or inferred.
The possible confusion between the two products does not imply inferiority of the Multi-Cart, the court ruled. In addition, Dahl’s claim that Ulti-Cart was a “knock-off” of the Multi-Cart, and thus derogatory of the Multi-Cart, was disputed by Dahl’s own claim that the two products were “nearly identical.”
Scorecard: Hartford did not have to provide a defense to Ultimate Support Systems in a trademark infringement lawsuit.
Takeaway: The ruling limits the scope of an insurer’s duty to defend a policyholder when the allegations involve disparagement.
Court Rules on Additional Insureds
On Sept. 13, 2010, workers of Fast Trek Steel were tightening safety cables on steel beams at Yale University’s Science Area Chilled Water Plant Shell when the unsecured beams dislodged and collapsed. One ironworker, Robert Adrian, fell to his death. Three others were injured by the falling beams.
Adrian’s estate and the injured men filed suit alleging negligence against, among others, Shawmut Woodworking & Supply Inc., general contractor of the construction project, and Shepard Steel Co., a steel fabrication subcontractor.
Because of workers’ compensation laws, there were no lawsuits filed against Fast Trek, which, as required by its contract with Shepard, had obtained a general liability policy from First Mercury Insurance Co. with a $1 million per occurrence coverage limitation, and an excess liability policy from National Union Fire Insurance Co., with up to $10 million of coverage.
Both Shepard and Shawmut sought defense and indemnification from First Mercury as “additional insureds” of that Fast Trek policy. Liberty Mutual — which had issued a liability policy to Shepard and is currently providing a defense to Shepard and Shawmut under a reservation of rights — also demanded that First Mercury assume that defense.
First Mercury demurred, contending, among other reasons, that Shawmut was not included in the definition of additional insured, and that even if Shawmut and Shepard were included, there was no coverage because Fast Trek was not named in the underlying lawsuits.
The U.S. District Court for the District of Connecticut disagreed.
It ruled that when Shepard hired Fast Trek as its subcontractor — and as Shawmut’s sub-subcontractor — the agreement expressly incorporated the Shawmut-Shepard contract, and that it was “immaterial” that there was not a “direct contractual relationship” between Shawmut and Fast Trek.
In addition, it ruled that the accident was arguably caused by Fast Trek and that the reason Fast Trek was not named in the underlying lawsuits was due to the exclusive remedy rule of workers’ compensation law.
Scorecard: First Mercury must defend and indemnify the general contractor and subcontractor in the workplace death and injury lawsuit.
Takeaway: A sub-subcontractor need not be explicitly included in a contract for coverage to be extended.
From Coast to Coast
The 3,920-ton Left Coast Lifter, originally built by Fluor Construction to help build the new Bay Bridge in San Francisco, will be integral in rebuilding the Tappan Zee Bridge by 2018.
The Lifter and the Statue of Liberty
When he got the news, Scot Burford could see it as clearly as if somebody handed him an 8 by 11 color photograph.
On January 30, the Left Coast Lifter, a massive crane originally built by Fluor Construction to help build the new Bay Bridge in San Francisco, steamed past the Statue of Liberty. Excited observers, who saw the crane entering New York Harbor, dubbed it the “The Hudson River Hoister,” honoring its new role in rebuilding the Tappan Zee Bridge over the Hudson River.
Powered by two stout-hearted tug boats, the Lauren Foss and the Iver Foss, it took more than five weeks for the huge crane to complete the 6,000 mile ocean journey from San Francisco to New York via the Panama Canal.
Scot took a deep breath and reflected on all the work needed to plan every aspect of the crane’s complicated journey.
A risk engineer at Liberty International Underwriters (LIU), Burford worked with a specialized team of marine insurance and risk management professionals which included John Phillips, LIU’s Hull Product Line Leader, Sean Dollahon, an LIU Marine underwriter, and Rick Falcinelli, LIU’s Marine Risk Engineering Manager, to complete a detailed analysis of the crane’s proposed route. Based on a multitude of factors, the LIU team confirmed the safety of the route, produced clear guidelines for the tug captains that included weather restrictions, predetermined ports of refuge in the case of bad weather as well as specifying the ballast conditions and rigging of tow gear on the tugs.
Of equal importance, the deep expertise and extensive experience of the LIU team ensured that the most knowledgeable local surveyors and tugboat captains with the best safety records were selected for the project. After all, the most careful of plans will only be as effective as the people who execute them.
The tremendous size of the Left Coast Lifter presented some unique challenges in preparing for its voyage.
The original intention was to dry tow the crane by loading and securing it on a semi-submersible vessel. However, the lack of an American-flagged vessel that could accommodate the Left Coast Lifter created many logistical complexities and it was decided that the crane would be towed on its own barge.
At first, the LIU team was concerned since the barge was not intended for ocean travel and therefore lacked towing skegs and other structural components typically found on oceangoing barges.
But a detailed review of the plan with the client and contractors gave the LIU team confidence. In this instance, the sheer weight and size of the crane provided sufficient stability, and with the addition of a second tug on the barge’s stern, the LIU team, with its knowledge of barges and tugs, was confident the configuration was seaworthy and the barge would travel in a straight line. The team approved the plan and the crane began its successful voyage.
As impressive as the crane and its voyage were, it was just one piece in hundreds that needed to be underwritten and put in place for the Tappan Zee Bridge project to come off.
The rebuilding of the Tappan Zee Bridge, due to be completed in 2018, is the largest bridge construction project in the modern history of New York. The bridge is 3.1 miles long and will cost more than $3 billion to construct. The twin-span, cable-stayed bridge will be anchored to four mid-river towers.
When veteran contractors American Bridge, Fluor Corp., Granite Construction Northeast and Traylor Bros. formed a joint venture and won the contract to rebuild the Tappan Zee, one of the first things the consortium needed to do was find an insurance partner with the right coverages and technical expertise.
The Marsh broker, Ali Rizvi, Senior Vice President, working with the consortium, was well known to the LIU underwriting and engineering teams. In addition, Burford and the broker had worked on many projects in the past and had a strong relationship. These existing relationships were vital in facilitating efficient communication and data gathering, particularly given the scope and complexity of a project like the Tappan Zee.
And the scope of the project was indeed immense – more than 200 vessels, coming from all over the United States, would be moving construction equipment up the Hudson River.
An integrated team of LIU underwriters and risk engineers (including Burford, Phillips, Dollahon and Falcinelli) got to work evaluating the risk and the proper controls that the project required. Given the global scope of the project, the team’s ability to tap into their tight-knit global network of fellow LIU marine underwriters and engineers with deep industry relationships and expertise was invaluable.
In addition to the large number of vessels, the underwriting process was further complicated by many aspects of the project still being finalized.
“Because the consortium had just won this account, they were still working on contracts and contractors to finalize the deal and were unsure as to where most of the equipment and materials would be coming from,” Burford said.
Despite the massive size of the project and large number of stakeholders, LIU quickly turned around a quote involving three lines of marine coverage, Marine Liability, Project Cargo and Marine Hull & Machinery.
How could LIU produce such a complicated quote in a short period of time? It comes down to integrating risk engineers into the underwriting process, possessing deep industry experience on a global scale and having strong relationships that facilitate communication and trust.
Photo Credit: New York State Thruway Authority
When completed in 2018, the Tappan Zee will be eight lanes, with four emergency pullover lanes. Commuters sailing across it in their sedans and SUVs might appreciate the view of the Hudson, but they might never grasp the complexity of insuring three marine lines, covering the movements of hundreds of marine vessels carrying very expensive cargo.
Not to mention ferrying a 3,920-ton crane from coast to coast without a hitch.
But that’s what insurance does, in its quiet profundity.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Liberty International Underwriters. The editorial staff of Risk & Insurance had no role in its preparation.