A baby was born with severe brain injury and eventually died due to botched care on account of the fact that the medical facility was deep in the midst of a ransomware attack, a lawsuit alleges. The allegations represent a credible public claim that cyber criminal activity resulted in a fatality.

The filing contends that Springhill Medical Center failed to disclose that key networks were down and that fetal monitoring devices were affected. The mother-to-be never received the information that would have led her to choose a different hospital, and to potentially see a different delivery outcome. She contends that hospital conditions made it unsafe to deliver her child.

Upon the delivery of the infant, nurses were unable to perform critical tests. These tests would have revealed that the umbilical cord was coiled around the baby’s neck. Had hospital staff been able to rely on important safety-critical monitoring tools, the baby’s life could potentially have been saved.

The lawsuit, details…

The Springhill Medical Center asserts that it is not responsible for any wrongdoing. The facility requested for a judge to dismiss the lawsuit’s most serious contention; that hospital officials deliberately presented a false and misleading narrative to patients and the public. The group also states that Alabama does not legally require disclosure of cyber attacks, making the case obsolete.

Jeff St. Clair, Springhill Medical Center’s president, informed the Dailymail.com that he felt proud of how the hospital handled the attack. He states that the hospital remained open and continued to serve patients. No comments were made surrounding the lawsuit due to pending litigation and patient confidentiality, except “…what you all know to be true – we love our patients and grieve with them anytime there is a loss.”

What happened…

Springhill Medical Center stated that it did shut down network operations in order to protect data as the ransomware attack unfolded. At the time, the hospital stated that a network incident would not affect its operations. However, in the absence of a functional network, doctors and nurses took to text messaging one another in order to communicate.

‘Because numerous electronic systems were compromised by the cyberattack, fetal tracing information was not accessible at the nurses’ station or by any physician or other healthcare provider who was not physically present in…[the] labor and delivery room,’ states the suit.

Healthcare and hospitals, ransomware

The threat of a cyber attack in the healthcare space continues to pose a substantial risk. In 2021 alone, more than 850 healthcare organizations have been affected by ransomware. According to a Wall Street Journal source, the cyber attack on Springhill Medical Center was conducted by the Ryuk ransomware group. Since 2018, Ryuk is believed to have attacked more than 235 general hospitals and healthcare facilities.

Healthcare organizations must both do everything within their power to prevent an attack and have plans in place that enable them to quickly respond to and mitigate a cyber security breach. For in-depth information about how to protect healthcare systems, see our whitepapers or read our Buyer’s Guide to IoMT security. Lastly, to receive cyber security insights, analysis and resources in your inbox each week, sign up for our newsletter.