MOBILE, Ala. - A lawsuit filed by an Alabama woman alleges that her 9-month-old baby was born with severe brain injuries and later died as a result of a ransomware attack that crippled the hospital’s computer system and the facility’s response, which resulted in diminished care.
Springhill Medical Center, located in Mobile, suffered a ransomware attack in July of 2019 when Niko Silar was born.
The malpractice lawsuit filed by the baby’s mother, Teiranni Kidd, alleges that she wasn’t informed about the computer issues when she went to deliver her daughter. The computer failures meant doctors and nurses could not properly monitor the baby's condition during delivery, the lawsuit alleges.
Silar was born on July 17 with the umbilical cord wrapped around her neck and was left with severe brain injuries and other problems, according to the lawsuit. She died on April 16, 2020, after months of intensive care at another hospital.
As stated in the lawsuit, Springhill publicly announced a "security incident" that was affecting its internal network at the time. The hospital released a statement about the attack a day before the infant was born, saying staff "has continued to safely care for our patients and will continue to provide the high quality of service that our patients deserve and expect," WKRG-TV reported at the time.
FILE - A message demanding money on a computer hacked by a virus is shown on a computer in a file image taken on June 27, 2017. (Photo by Donat SorokinTASS via Getty Images)
The lawsuit is seeking an unspecified amount of money from the hospital and Dr. Katelyn Braswell Parnell, who delivered Niko. It claims Springhill did not reveal the severity of the cyberattack to Kidd, who "would have gone to a different and safer hospital for labor and delivery" had she known, it states.
The lawsuit was first reported by the Wall Street Journal this week. It was initially filed in Mobile County in 2019 when the baby was still alive and later amended after she died.
Springhill has denied wrongdoing and asked a judge to dismiss the most serious part of the lawsuit. It claimed any blame lies with Parnell, who "was fully aware of the inaccessibility of the relevant systems, including those in the labor and delivery unit, and yet determined that (Kidd) could safely deliver her at Springhill," according to the Associated Press.
Under Alabama law, the hospital did not have any legal duty to provide Kidd with details of the cyberattack, the hospital argued.
Springhill Medical Center CEO Jeff St. Clair said in an emailed statement to FOX Television Stations that "patient safety is always of paramount consideration and we are proud of the way that our Springhill family maintained it while we addressed the cybercriminal activity."
The statement added that "in response to the attack, and in consultation with law enforcement, Springhill Memorial Hospital brought its impacted systems back online safely and securely. And we explained that, because of the pending litigation (referenced in the article) and out of respect for patient confidentiality, we could not further comment about the case, except to say what you all know to be true – we love our patients and grieve with them any time there is a loss."
Ransomware is an ever-evolving form of malware that scrambles a victim organization’s data with encryption — rendering any files and the systems that rely on them unusable, according to U.S. cybersecurity officials.
The criminals then demand ransom in exchange for software decryption keys. They often target and threaten to sell or leak data or authentication information if the ransom is not paid.
Such attacks have become an increasingly pressing concern for government officials and corporations. Hospitals, schools, police departments and state and local governments are regularly hit by ransomware and other hacks.
And research has indicated that cyberattacks on health care systems have spiked during the COVID-19 pandemic. More than one in three health care organizations globally reported being hit by ransomware in 2020, according to a survey of IT professionals.
An epidemic of ransomware attacks has gotten so bad that Biden administration officials deemed them a national security threat earlier this year. Gen. Paul Nakasone, who leads U.S. efforts to thwart foreign-based cyberattacks, said last month that he’s mounting a "surge" to fight them.
This story was reported from Cincinnati. The Associated Press contributed.