Curbing liabilities for hacked health systems
Curbing liabilities for hacked health systems
By DANIEL PAYNE, BEN LEONARD and CHELSEA CIRRUZZO 07/29/2024 10:00 AM EDT
DRIVING THE DAY
A person types on an illuminated computer keyboard.
Some state lawmakers want health care systems to develop cybersecurity protocols in return for easing liability burdens after a data breach. | Sean Gallup/Getty Images
THE LIABILITY QUESTION — State lawmakers, concerned by what they consider to be overreaching class-action lawsuits against health care organizations over data breaches, are moving to curb liability for them, Ben reports.
Tennessee is the latest in a string of states to move to reduce liability for organizations that adopt their security protocols to protect against cyberattacks — following Connecticut, Ohio and Utah. Last month, Florida was on the cusp of doing so, but GOP Gov. Ron DeSantis vetoed the measure, saying it didn’t go far enough to encourage strong cybersecurity measures.
Zooming out: The pushback against the suits from state lawmakers comes amid a spate of breaches that has increased in recent years along with the growing number of lawsuits. Health care has been a particularly ripe target for hackers, who have threatened patient safety and cost the sector billions.
As hacking has become more prevalent and bad actors have grown more sophisticated, many lawmakers have sought to protect health care providers, arguing they can’t reasonably be held responsible for every attack. More than 144 million people in the U.S. had their health data compromised in 2023, according to a POLITICO analysis, nearly triple 2022’s total.
“What happens is they get hacked and then by law they have to report there is a breach, and then you have these class-action suits pop up,” said Florida state Rep. Mike Giallombardo, a Republican who helped pass a bill to limit liability and owns a cybersecurity firm. “The victim is being sued for tens of millions of dollars for so-called negligence when the fact is they weren’t negligent. Nobody’s immune from this.”
The counterpoint: Lawyers and the patients they represent have pushed back on the new laws, arguing that health care firms aren’t doing enough to safeguard patient information. Some say they’re more focused on minimizing payouts than incentivizing cybersecurity.
“These [health care] companies make millions and millions of dollars, and they just profit,” said Thomas Loeser, partner at Cotchett Pitre & McCarthy, which represents consumers in class-action suits, including one against UnitedHealthGroup’s Change Healthcare. “They don’t spend the money to protect the information they collect from consumers because nobody has made them do it.”
WELCOME TO MONDAY PULSE, where we’re thinking a lot about how the election will impact health policy across the board. Have any ideas (especially unconventional ones)? Let me know — and send your tips, scoops and feedback to me — at [email protected] or @_daniel_payne or your regular Pulse hosts, [email protected] or [email protected].
During unprecedented times, POLITICO Pro Analysis gives you the insights you need to focus your policy strategy. Live briefings, policy trackers, and and people intelligence secures your seat at the table. Learn more.
IN CONGRESS
Young activists hold up signs saying "Kids Online Safety Act" during a rally
The Kids Online Safety Act is up for a vote this week in the Senate. | Jemal Countess/Getty Images for Accountable Tech
KIDS ONLINE — Senate legislation expected to pass Tuesday will be the closest Congress has come to ending the laissez-faire governance of the internet that’s prevailed since the web’s infancy three decades ago, our Ruth Reader reports.
The Kids Online Safety Act would for the first time make social companies like Facebook and TikTok responsible for the ill effects of design features that recommend content and encourage engagement.
Senators credited grieving parents, who say their children died by suicide because of bullying or predation they experienced online, with convincing them to proceed.
“We could never have reached this point without parents of children who tragically took their own lives because of what happened to them on social media who came down here to relentlessly lobby,” Senate Majority Leader Chuck Schumer said on the floor before a procedural vote last week.
Schumer said those sessions were “some of the most painful and important meetings I’ve ever had.”
Tech industry lobbying arm NetChoice opposes the bill on First Amendment grounds. Some advocates on the left, like the American Civil Liberties Union, and on the right, like former Pennsylvania GOP Sen. Rick Santorum’s Patriot Voices, say the bill could deny kids access to worthwhile content.
What’s next: The measure still has to get through the House, where Energy and Commerce Chair Cathy McMorris Rodgers (R-Wash.) canceled a planned committee vote earlier this month, citing objections in her own caucus. Rodgers, who supports the bill, said she plans to reschedule.
AROUND THE AGENCIES
IS AI THE ANSWER? Public health officials and law enforcement could react faster — and save lives — if researchers could identify newly emerging illicit drugs more quickly, government officials and researchers believe.
The federal government is funding a vast surveillance enterprise toward that end, reports POLITICO’s Gregory Svirnovskiy.
The government has enlisted a lab north of Philadelphia and university researchers in Florida and New York, who say they’re getting close to near real-time intelligence on the latest compounds in the country’s black markets, be it the synthetic opioid fentanyl that’s causing tens of thousands of fatal overdoses each year or entirely new drugs.
“We have technology on our side,” said Joseph Palamar, a professor at New York University Langone Health who is a leader in the effort.
With money from the National Institute on Drug Abuse, researchers are trawling Reddit for discussions about emerging drugs and surveying people at skate parks, bus stops and sporting events. Staff at Florida Atlantic University and New York University are part of the University of Florida’s National Drug Early Warning System.
The lab in Pennsylvania, NPS Discovery, short for “novel psychoactive substances,” toxicologists test thousands of samples — pills, powders and sometimes blood, urine and plasma — for new chemical culprits. It’s part of the Center for Forensic Science Research and Education and receives funding from the National Institute of Justice, an arm of the Department of Justice.
Collaboration between those surveying drug users and those analyzing the drugs they’re taking has sped the detection process. Some hope to eventually use artificial intelligence to speed it up further.
But the researchers are also playing a constant game of Whac-A-Mole — a game they can get faster at, but one that won’t ever end.
PUBLIC HEALTH
COVID RETROSPECTIVE — If every state had implemented Covid-19 mandates like those in the most restrictive states, hundreds of thousands of deaths could have been avoided, according to a new study.
The research in JAMA Health Forum, which compared states through the first two years of the pandemic, found that stronger restrictions were associated with lower excess mortality.
The upshot? Between 271,000 and 447,000 deaths could have been avoided with tougher restrictions, according to the researchers’ model. And if all states had taken on the approach of their peers with the loosest restrictions, up to 200,000 more people would have died.
DON’T MISS OUR AI & TECH SUMMIT: Join POLITICO’s AI & Tech Summit for exclusive interviews and conversations with senior tech leaders, lawmakers, officials and stakeholders about where the rising energy around global competition — and the sense of potential around AI and restoring American tech knowhow — is driving tech policy and investment. REGISTER HERE.
NAMES IN THE NEWS
Laura Stevens Kent will be VP of federal affairs at DeBrunner & Associates. She most recently was SVP for advocacy and external affairs at the Hospital & Healthsystem Association of Pennsylvania and is a former Pennsylvania Rep. Charlie Dent/Tuesday Group alum.
Chrissy Farr, Tom Cassels, Dr. Shami Feinglass and Melindah Sharma have joined Manatt as managing directors in the firm’s health care group.
WHAT WE'RE READING
The New York Times reports on a blood test that shows promise in detecting Alzheimer’s.
NPR reports on the search for polio cases in Gaza after the virus showed up in wastewater.
Stat reports on the new breast cancer research that offers a puzzling finding around mastectomies.
By DANIEL PAYNE, BEN LEONARD and CHELSEA CIRRUZZO 07/29/2024 10:00 AM EDT
DRIVING THE DAY
A person types on an illuminated computer keyboard.
Some state lawmakers want health care systems to develop cybersecurity protocols in return for easing liability burdens after a data breach. | Sean Gallup/Getty Images
THE LIABILITY QUESTION — State lawmakers, concerned by what they consider to be overreaching class-action lawsuits against health care organizations over data breaches, are moving to curb liability for them, Ben reports.
Tennessee is the latest in a string of states to move to reduce liability for organizations that adopt their security protocols to protect against cyberattacks — following Connecticut, Ohio and Utah. Last month, Florida was on the cusp of doing so, but GOP Gov. Ron DeSantis vetoed the measure, saying it didn’t go far enough to encourage strong cybersecurity measures.
Zooming out: The pushback against the suits from state lawmakers comes amid a spate of breaches that has increased in recent years along with the growing number of lawsuits. Health care has been a particularly ripe target for hackers, who have threatened patient safety and cost the sector billions.
As hacking has become more prevalent and bad actors have grown more sophisticated, many lawmakers have sought to protect health care providers, arguing they can’t reasonably be held responsible for every attack. More than 144 million people in the U.S. had their health data compromised in 2023, according to a POLITICO analysis, nearly triple 2022’s total.
“What happens is they get hacked and then by law they have to report there is a breach, and then you have these class-action suits pop up,” said Florida state Rep. Mike Giallombardo, a Republican who helped pass a bill to limit liability and owns a cybersecurity firm. “The victim is being sued for tens of millions of dollars for so-called negligence when the fact is they weren’t negligent. Nobody’s immune from this.”
The counterpoint: Lawyers and the patients they represent have pushed back on the new laws, arguing that health care firms aren’t doing enough to safeguard patient information. Some say they’re more focused on minimizing payouts than incentivizing cybersecurity.
“These [health care] companies make millions and millions of dollars, and they just profit,” said Thomas Loeser, partner at Cotchett Pitre & McCarthy, which represents consumers in class-action suits, including one against UnitedHealthGroup’s Change Healthcare. “They don’t spend the money to protect the information they collect from consumers because nobody has made them do it.”
WELCOME TO MONDAY PULSE, where we’re thinking a lot about how the election will impact health policy across the board. Have any ideas (especially unconventional ones)? Let me know — and send your tips, scoops and feedback to me — at [email protected] or @_daniel_payne or your regular Pulse hosts, [email protected] or [email protected].
During unprecedented times, POLITICO Pro Analysis gives you the insights you need to focus your policy strategy. Live briefings, policy trackers, and and people intelligence secures your seat at the table. Learn more.
IN CONGRESS
Young activists hold up signs saying "Kids Online Safety Act" during a rally
The Kids Online Safety Act is up for a vote this week in the Senate. | Jemal Countess/Getty Images for Accountable Tech
KIDS ONLINE — Senate legislation expected to pass Tuesday will be the closest Congress has come to ending the laissez-faire governance of the internet that’s prevailed since the web’s infancy three decades ago, our Ruth Reader reports.
The Kids Online Safety Act would for the first time make social companies like Facebook and TikTok responsible for the ill effects of design features that recommend content and encourage engagement.
Senators credited grieving parents, who say their children died by suicide because of bullying or predation they experienced online, with convincing them to proceed.
“We could never have reached this point without parents of children who tragically took their own lives because of what happened to them on social media who came down here to relentlessly lobby,” Senate Majority Leader Chuck Schumer said on the floor before a procedural vote last week.
Schumer said those sessions were “some of the most painful and important meetings I’ve ever had.”
Tech industry lobbying arm NetChoice opposes the bill on First Amendment grounds. Some advocates on the left, like the American Civil Liberties Union, and on the right, like former Pennsylvania GOP Sen. Rick Santorum’s Patriot Voices, say the bill could deny kids access to worthwhile content.
What’s next: The measure still has to get through the House, where Energy and Commerce Chair Cathy McMorris Rodgers (R-Wash.) canceled a planned committee vote earlier this month, citing objections in her own caucus. Rodgers, who supports the bill, said she plans to reschedule.
AROUND THE AGENCIES
IS AI THE ANSWER? Public health officials and law enforcement could react faster — and save lives — if researchers could identify newly emerging illicit drugs more quickly, government officials and researchers believe.
The federal government is funding a vast surveillance enterprise toward that end, reports POLITICO’s Gregory Svirnovskiy.
The government has enlisted a lab north of Philadelphia and university researchers in Florida and New York, who say they’re getting close to near real-time intelligence on the latest compounds in the country’s black markets, be it the synthetic opioid fentanyl that’s causing tens of thousands of fatal overdoses each year or entirely new drugs.
“We have technology on our side,” said Joseph Palamar, a professor at New York University Langone Health who is a leader in the effort.
With money from the National Institute on Drug Abuse, researchers are trawling Reddit for discussions about emerging drugs and surveying people at skate parks, bus stops and sporting events. Staff at Florida Atlantic University and New York University are part of the University of Florida’s National Drug Early Warning System.
The lab in Pennsylvania, NPS Discovery, short for “novel psychoactive substances,” toxicologists test thousands of samples — pills, powders and sometimes blood, urine and plasma — for new chemical culprits. It’s part of the Center for Forensic Science Research and Education and receives funding from the National Institute of Justice, an arm of the Department of Justice.
Collaboration between those surveying drug users and those analyzing the drugs they’re taking has sped the detection process. Some hope to eventually use artificial intelligence to speed it up further.
But the researchers are also playing a constant game of Whac-A-Mole — a game they can get faster at, but one that won’t ever end.
PUBLIC HEALTH
COVID RETROSPECTIVE — If every state had implemented Covid-19 mandates like those in the most restrictive states, hundreds of thousands of deaths could have been avoided, according to a new study.
The research in JAMA Health Forum, which compared states through the first two years of the pandemic, found that stronger restrictions were associated with lower excess mortality.
The upshot? Between 271,000 and 447,000 deaths could have been avoided with tougher restrictions, according to the researchers’ model. And if all states had taken on the approach of their peers with the loosest restrictions, up to 200,000 more people would have died.
DON’T MISS OUR AI & TECH SUMMIT: Join POLITICO’s AI & Tech Summit for exclusive interviews and conversations with senior tech leaders, lawmakers, officials and stakeholders about where the rising energy around global competition — and the sense of potential around AI and restoring American tech knowhow — is driving tech policy and investment. REGISTER HERE.
NAMES IN THE NEWS
Laura Stevens Kent will be VP of federal affairs at DeBrunner & Associates. She most recently was SVP for advocacy and external affairs at the Hospital & Healthsystem Association of Pennsylvania and is a former Pennsylvania Rep. Charlie Dent/Tuesday Group alum.
Chrissy Farr, Tom Cassels, Dr. Shami Feinglass and Melindah Sharma have joined Manatt as managing directors in the firm’s health care group.
WHAT WE'RE READING
The New York Times reports on a blood test that shows promise in detecting Alzheimer’s.
NPR reports on the search for polio cases in Gaza after the virus showed up in wastewater.
Stat reports on the new breast cancer research that offers a puzzling finding around mastectomies.