An Alabama baby was born with severe brain injury and eventually died due to botched care because her hospital was struggling with a ransomware attack, a lawsuit alleges.
The filing is the first credible public claim that someone’s death was caused at least in part by hackers who remotely shut down hospital computers in an extortion attempt, a rising trend in cybercrime.
The lawsuit, filed by Teiranni Kidd, the baby’s mother, was first reported by The Wall Street Journal. It alleges that the hospital, Springhill Medical Center, didn’t tell her that hospital computers were down because of a cyberattack, and subsequently gave her severely diminished care when she arrived to deliver her daughter.
Springhill announced in 2019 that it had been the victim of a “network security incident,” a common euphemism for a cyberattack. As reported at the time by local news station WKRG, Springhill claimed to be seeing a regular volume of patients at the time, even though it was turning some away because of the ransomware attack.
Kidd initially sued the hospital in January 2020, then amended the lawsuit that July after her daughter died. The hospital didn’t respond to a request for comment. Through her attorney, Kidd declined to comment because the lawsuit is ongoing.
According to the lawsuit, Kidd wasn’t informed Springhill was struggling with a cyberattack when she went in to deliver her daughter, and doctors and nurses then missed a number of key tests that would have shown that the umbilical cord was wrapped around the baby's neck, leading to brain damage and death nine months later.
Had she known that hackers had attacked the hospital, Kidd would have chosen to deliver her baby elsewhere, the suit says.
Ransomware, where hackers lock up a victim’s computers and demand payment for a program to make them usable again, is a surging, multibillion-dollar worldwide cybercriminal industry. Around 850 health care networks and hospitals in the U.S. have been affected by ransomware so far this year alone, said Allan Liska, a ransomware analyst at the cybersecurity company Recorded Future.
Cybersecurity experts particularly worry about attacks on health care facilities, which can be quickly thrown into disarray if their computer networks go down. For years, they’ve grimly waited for the milestone of the first confirmed death due to a hospital ransomware attack.
“It’s an awful thing, but we’ve been expecting this for years to happen, because when things go wrong, eventually somebody’s going to die,” Liska said.
A German woman died in 2020 after being rerouted to a different emergency room because the closest hospital was hit with ransomware. But government authorities later found there wasn’t sufficient evidence that the ransomware played a key role in her death.