A tragic case making its way through the courts in the US could prove to be the first recorded death due to ransomware.
According to papers filed in June 2020 (via NBC), Teiranni Kidd of Mobile, Alabama, is accusing Springhill Memorial Hospital and its owners of failing to mitigate a crippling cyber-attack and then conspiring to hide its impact on patient care.
Kidd’s daughter Nicko was born with her umbilical cord wrapped around her neck, a problem that has purportedly led to brain damage and the infant’s death several months later.
Fetal heart rate monitors would have usually picked up the issue. Yet, according to the Wall Street Journal, medical staff could not access these from the usual location as a display had been locked by threat actors seeking a ransom payment.
Computing systems were disabled for a total of eight days, including wireless tracking of medical staff and digital patient records, the report claimed.
“Nurses and other healthcare personnel were forced to use outdated paper charting methods and paper documentation to record and document Teiranni’s labor and Nicko’s delivery. Some of the paper forms used outdated terminology and had not been used in years,” the court documents allege.
“As a result, the number of healthcare providers who would normally monitor her labour and delivery was substantially reduced, and important safety-critical layers of redundancy were eliminated.”
If Kidd had known the extent of the technology outage at the hospital, she would have chosen to have her baby elsewhere, the suit contends.
The hospital denies any wrongdoing.
The case highlights the potentially tragic real-world consequences of mounting cyber-attacks. Hospitals came under particular strain during the pandemic as many ransomware groups spotted an opportunity to monetize their attacks.
One study in August claimed that half of US hospitals had been forced to shut down their networks during the previous six months due to ransomware.
In September 2020, it emerged that a woman died after being diverted from a German hospital compromised by ransomware. However, it was later reported that her injuries were so severe that she would likely have died even if the hospital had been able to admit her.