Incentivizing cybersecurity through liability and insurance : focusing on medical device software and healthcare organizations


Abstract/Contents

Abstract
The increasing use of digital technologies in economic activities, though creating significant benefits through delivering convenience and efficiency, is also leading to significant risks. As more medical devices are equipped with wireless capabilities, the threat of a cyberattack increases accordingly. The healthcare industry has faced more cyberattacks than other industries. This dissertation focuses on the problem of cyberattacks on both medical devices and hospital networks. While hackers play an obvious role in cyberattacks by discovering and exploiting the existing vulnerabilities in software, the threat of cyberattacks could be properly addressed by also regulating the behavior of two other actors—software manufacturers and software users. The current legal framework focuses on deterring potential malicious actors but it is difficult to implement the deterrence and, thus, the current approach to deter potential hackers does not sufficiently address the threat of cyberattacks. There is a need to create adequate incentives for software manufacturers to adopt improved security measures in their products and to provide software users with a mechanism that helps them understand the financial impact of potential cyberattacks accurately and better prepare for cyberattacks. This dissertation makes five contributions. First, it analyzes the current legal framework that applies to cyberattacks on medical devices and hospital networks and identifies gaps in the statutory and regulatory framework that make this framework inadequate to address the growing threat of cyberattacks. Second, it suggests product liability, especially post-sale duty to update, as a tool to give manufacturers of medical device software an incentive to secure medical device software. 
It also analyzes how the claims alleging a violation of a post-sale duty to update would overcome the preemption hurdle and how the recently adopted EU directives would indirectly affect the changes in the US market in the direction of recognizing a software manufacturer's post-sale duty to update. Third, it is the first research that investigates and compares two recent efforts to legislate compulsory cyber insurance—those of South Korea and California. Fourth, different from the previous literature that mainly focused on the rosy promises of mandating cyber insurance, this dissertation analyzes not only the benefits but also the pitfalls of introducing compulsory cyber insurance and thereby identifies conditions for a comprehensive compulsory cyber insurance program to function well as a regulatory tool for software users. Finally, it recommends a two-staged approach in introducing compulsory cyber insurance, under which data breach liability insurance is mandated first and then compulsory cyber insurance would be expanded to cover both first-party losses and third-party losses when the above-mentioned circumstances have taken root.

Description

Type of resource text
Form electronic resource; remote; computer; online resource
Extent 1 online resource.
Place California
Place [Stanford, California]
Publisher [Stanford University]
Copyright date 2021; ©2021
Publication date 2021; 2021
Issuance monographic
Language English

Creators/Contributors

Author Park, Hai Jin
Degree supervisor Rabin, Robert L
Thesis advisor Rabin, Robert L
Thesis advisor Grundfest, Joseph A
Thesis advisor Hensler, Deborah R, 1942-
Degree committee member Grundfest, Joseph A
Degree committee member Hensler, Deborah R, 1942-
Associated with Stanford University, School of Law JSD

Subjects

Genre Theses
Genre Text

Bibliographic information

Statement of responsibility Hai Jin Park.
Note Submitted to the School of Law JSD.
Thesis Thesis JSD Stanford University 2021.
Location https://purl.stanford.edu/rt209xy9350

Access conditions

Copyright
© 2021 by Hai Jin Park
License
This work is licensed under a Creative Commons Attribution Non Commercial 3.0 Unported license (CC BY-NC).
