EXECUTIVE SUMMARY:

On Friday, a hospital in Wyoming incurred a ransomware attack that has interrupted day-to-day functions. For outpatients, disruptions meant a lack of lab, respiratory therapy, or radiation oncology exams. Surgeries were also canceled, and the hospital could not accept inpatients.

Triaged patients arriving to the emergency room on Friday were sent to other care facilities in the area. However, two other nearby hospitals were reported as ‘full’ as the attack unfolded.

In theory, the rerouting and delay in care could put patients’ lives at risk. Patients unable to obtain respiratory therapy, for example, could suffer unimaginable discomfort, and side-effects from lack of timely treatment.

In situations where a patient suffers on account of a hacker -if law enforcement can manage to identify the perpetrator- should he/she receive prosecution for reckless endangerment, leading to felony charges? In the event that a patient dies due to prolonged inability to receive treatment, could the hacker be charged with second-degree murder?

In the past 12 months, more than 30 government, healthcare and school groups have been hit with ransomware.

At this point in time, a hospital stated that patient records do not appear to have been compromised or misused. In other instances, patient records have been sold on the dark web, allowing criminals to extract social security numbers and other personal data, in order to build fake identity kits. These are sold to individuals interested in immigrating, or hiding criminal activities.

For more on this story, visit InfoSecurity Magazine.