Life SciencesLiability

Medical Device FAQ

What insurance does a SaMD (software as a medical device) company need?

A software-as-a-medical-device (SaMD) company has a foot in both the device world and the technology world, so its program blends the two. It needs technology errors and omissions for claims that the software failed to perform, cyber for the patient data it holds under HIPAA, and products or professional liability for the clinical function the software delivers. For a SaMD company, technology E&O is frequently the primary line rather than an add-on.

The exposure to watch is the seam. If a software defect or exploit contributes to patient harm, the claim can implicate products liability (which may exclude cyber-triggered events), cyber (which may exclude bodily injury), and technology E&O at once. Placed without reconciling those exclusions, a patient-injury claim caused by a software failure can fall between the policies.

FDA now treats device cybersecurity as part of safety, with premarket expectations, so underwriters look closely at the security program. The practical step is to review the exclusions across products, tech E&O, and cyber together and secure affirmative coverage or carve-backs before the product reaches the market.

Primary source

FDA - Cybersecurity in Medical Devices

Related

Medical device coverage review

A specialist will reach out by end of business day.

Request a coverage review