The first credible public claim that a death was caused, at least in part, by ransomware was first reported by The Wall Street Journal on Sept. 30. An Alabama woman, whose 9-month-old child died, has filed a lawsuit against Springhill Medical Center (located in Mobile, Ala.), where her daughter was born.
According to a CBS News article, “Springhill Medical Center was besieged by a ransomware attack when Nicko Silar was born July 17, 2019. The resulting failure of electronic devices meant a doctor could not properly monitor the child's condition during delivery, according to the lawsuit by Teiranni Kidd, the child's mother.”
Further, “‘The number of healthcare providers who would normally monitor her labor and delivery was substantially reduced and important safety-critical layers of redundancy were eliminated,’ the suit claims.”
The baby had severe brain injuries, among other issues, and died last year at another hospital after months of intensive care.
An article from NBC News by Kevin Collier states that “Kidd initially sued the hospital in January 2020, then amended the lawsuit that July after her daughter died. The hospital didn’t respond to a request for comment. Through her attorney, Kidd declined to comment because the lawsuit is ongoing.”
That said, “Had she known that hackers had attacked the hospital, Kidd would have chosen to deliver her baby elsewhere, the suit says.”
Collier adds that “A German woman died in 2020 after being rerouted to a different emergency room because the closest hospital was hit with ransomware. But government authorities later found there wasn’t sufficient evidence that the ransomware played a key role in her death.”
Cybersecurity experts’ concerns are increasing, especially when it comes to healthcare organizations. In August, the FBI issued a warning about the malicious Hive ransomware. Additionally, hospitals and health systems in the U.S. are underprepared, to say the least, for cybersecurity threats that are continuing to intensify. CynergisTek’s fourth annual report found that 64 percent of organizations were below an 80-percent level of preparedness.
