Hospital Ransomware Attack Turns Deadly

Ransomware attacks have been a costly threat to companies and computer systems for years. Now, these malicious attacks are upping the ante by targeting hospitals and healthcare facilities – a dangerous crime that may have deadly consequences.

According to a lawsuit filed against Springhill Medical Center, a 2019 ransomware attack that crippled hospital computer systems led to diminished childbirth care that resulted in a baby’s death, the Wall Street Journal first reported. Teiranni Kidd, the child’s mother, claims that the hospital failed to inform her about the attack or its effect on hospital systems when she arrived to give birth on July 16, 2019. An attack, she alleges, that led directly to the death of her daughter, Nicko Silar.

How can a ransomware attack cause the death of a child

According to the lawsuit, the attack resulted in a failure of basic electronic systems doctors and hospital staff use for fetal monitoring during labor and delivery. As a result, the suit claims, healthcare providers missed key vital signs – namely an accelerated fetal heartbeat – that Nicko was in distress. She was born the next day with her umbilical cord wrapped around her neck, which resulted in severe brain injury and other health problems. She died nine months later.

“Because numerous electronic systems were compromised by the cyberattack, fetal tracing information was not accessible at the nurses’ station or by any physician or other healthcare provider who was not physically present in Teiranni’s labor and delivery room,” the filing claims. “As a result the number of healthcare providers who would normally monitor her labor and delivery was substantially reduced and important safety-critical layers of redundancy were eliminated.”

The ransomware attack in question disabled hospital computer systems for nearly eight days, cutting off access to patient medical records, shutting down wireless tracking devices that could locate medical staff, and compromising electronic systems across the facility.

The hospital has denied any wrongdoing.

“We stayed open and our dedicated healthcare workers continued to care for our patients because the patients needed us and we, along with the independent treating physicians who exercised their privileges at the hospital, concluded it was safe to do so,” Springhill Medical Center CEO Jeffrey St. Clair told the Journal.

Although the November 22 trial will bring the first case of ransomware-related death to court, it’s nowhere near the first case of ransomware attacks on healthcare facilities. In fact, hospitals have been increasingly targeted in recent years, especially since the start of the Covid-19 pandemic. According to a report by the Ponemon Institute, 43 percent of healthcare organizations have suffered a ransomware attack in the last two years – and one in five have had increased mortality rates as a result.

How Likely Is Your Practice to Pass a HIPAA Risk Assessment?

With more data breaches than ever before, it’s becoming harder and harder to protect your practice. Take our quiz below to find out how likely it is for your practice to pass a HIPAA risk assessment!