A ransomware attack against Springhill Medical Center may have led to a baby’s death and a medical malpractice lawsuit in Alabama. There are 250,000 deaths caused by medical errors every year, but this may be the first one that could have stemmed from a ransomware attack if proven in court. Medical malpractice or negligence cases may be filed against health care providers if they fail to provide the standard care that’s demanded by their profession or facility. The lawsuit was filed by Teiranni Kidd in April 2020 soon after her baby girl, Nicko died.
The hospital was hit with a ransomware attack on July 8, 2019. The hospital refused to pay for the ransom and decided to shut the network instead. In the labor and delivery unit, the nurses didn’t have access to the central monitoring system due to the network shutdown. They had to rely on paper readouts from fetal heart monitors and the physical presence of nurses near or in the rooms. One hour before Ms. Kidd gave birth, her baby’s fetal heart monitor registered and printed out an abnormal increase in heart rate. An increase in a baby’s heart rate can mean that the umbilical cord has cut off blood and oxygen to the baby. It is uncertain if the attending nurse saw the printout or how it was interpreted. The baby was born with the umbilical cord around her neck and was subsequently diagnosed with brain damage.
Ms. Kidd alleges in her lawsuit that she was not informed of the July 8, 2019 attack when she was admitted for childbirth. The suit further states that the cyber-attack disabled the heart rate monitor where the nurses would have been alerted of her baby’s declining heart rate. Her baby girl, Nicko, was born with her umbilical cord wrapped around her neck, diagnosed with brain damage, and died eight months later. Ms. Kidd filed a medical malpractice case against the hospital in April 2020.
Medical malpractice arises from a health care provider or professional’s failure to provide a standard of care, treatment, or a proper medical action that results in a patient suffering harm, injury, or death. A reputable malpractice lawyer will see to it that a case has all these elements before accepting it and filing the suit in court: failure to provide a standard of care, the breach caused injury, and the injury has substantial damages. If a patient is unsatisfied with the outcome of medical treatment, he or she cannot file a medical malpractice case.
If the allegations of Ms. Kidd are proven true, Saif Abed, MD says that we’ll be seeing “the next phase of malpractice lawsuits.” Saif Abed, MD is a founding partner and director for cybersecurity advisory services for the AbedGraham Group. He further states in an interview for scmagazine.com that, “as the impact of ransomware in health care receives greater coverage and the volume of patients exposed to the outcomes of this type of attack increases, we are going to see an increase in both legitimate and opportunistic malpractice suits based on ‘digital failure’.”
Moving forward, it will be crucial for the justice system to gain knowledge from people with relevant expertise “to understand the context of their cases appropriately.”
