For the first time, a death occurred due to a ransomware it has been taken to court. The cyber attack happened in the Springhill Medical Center, in Alabama, in July 2019, and caused the death of a baby born in their facilities.
It was the mother of the little girl who has decided to take the case to court, something that had never happened. Yes there have been other deaths related to this type of internet attacks. However, although there was one who was about to follow the same path, the charges were dropped just at the last minute.
But this continues, although it is still too early to know the resolution. Now how could a cyber ransomware attack cause the death of a baby? And, before even answering that: what is ransomware?
Ransomware: Internet hijacking
Ransomware is a type of cyber attack, also known as data hijacking. And it is known like that because it consists basically of that. The hackers restrict access to certain data or files on the infected operating system and they ask for a ransom to the affected persons to return them.
The problem with this type of attack is that not only are affected, so to speak, the owners of the system in which the hijacking occurs. Also the people who receive your services. And that is something serious when it happens, for example, in a hospital.
There have been several cases in hospitals, some with a quick solution and others with consequences such as the death of the baby whose case has just gone to court.
A death that could have been prevented
The case, occurred on Jul 16, 2019, has recently come to light in an article by The Wall Street Journal.
That day a woman called Teiranni kidd, gave birth to her daughter. Was a scheduled delivery, for which initially it did not seem that there was any unforeseen event. However, as soon as the little girl was born they saw that something was wrong, because she had the coiled umbilical cord around his neck.
This caused him a severe brain damage from which he failed to recover, for which he died nine months later.
Shortly after delivery, the girl’s mother learned that eight days ago that ransomware had occurred at the Medical Center and that those responsible for it had refused to pay the ransom. Among the files that were affected were those responsible for the operation of the machines that detected the fetal heartbeat, so the doctors who treated Teiranni could not see that his daughter’s was problematic. If they had seen him, they possibly would not have continued with the scheduled delivery and would have performed a Caesarean section.
The gynecologist herself who attended the delivery, to whom the mother of the deceased baby has also denounced, has acknowledged that she was not aware of the scope of attack and that she is sure that if she had had these data she would have performed a cesarean section and perhaps the death of the little girl could have been prevented.
In addition, the cyber attack, which took up to three weeks, affected many more parts of the system. For example, it was not possible to access patient health records, nor to locate staff. Despite this, an attempt was made to continue with the normal activity of the center, without notifying patients like this woman in labor, who perhaps with all the information could have decided to give birth in another hospital.
For all that, he has taken the Medical Center to court. At the moment the hospital has rejected pay compensation proposal, so they will go to trial. We will have to wait to know the result. Meanwhile, this case will serve to demonstrate all the collateral damage that an incident of this type can entail, affecting people who should never have been involved. Even one of the most innocent that can exist: a newborn baby.