A Hospital Hit by Hackers, a Baby in Distress: The Case of the First Alleged Ransomware Death
By Kevin Poulsen, Robert McMillan, and Melanie Evans
A lawsuit filed against Alabama's Springhill Medical Center alleges that a 2019 ransomware attack directly contributed to the death of a newborn, which if proven in court, would mark the first confirmed death from a ransomware attack. Teiranni Kidd was admitted to the hospital nearly eight days into a ransomware attack that made patient health records inaccessible and left fewer eyes on fetal heart rate monitors because they could not be displayed at the nurses' station. Medical personnel in the labor and delivery unit resorted to texting each other with updates on patients, and the hospital laboratory sent over printouts of lab reports. Kidd's daughter was born with the umbilical cord wrapped around her neck, a condition that sets off warning signs on the heart monitor when the tightened cord cuts off the supply of blood and oxygen to the baby. The infant, named Nicko Silar, was diagnosed with severe brain damage and died nine months later. The attending obstetrician, Katelyn Parnell, said the death of Kidd's daughter was preventable because had she seen the paper strip from the monitor showing the fetus was in distress, she would have performed a C-section. Kidd has sued the medical center, asserting that data about her baby's condition never made it to Parnell because the hack eliminated the additional layer of scrutiny the heart rate monitor would have received at the nurses' station. Springhill had declined to pay the ransom when the hackers, believed to be the Russian-based Ryuk gang, attacked on July 8, 2019. The hospital has denied any wrongdoing in this case.
Read more on The Wall Street Journal.