People who end up in the hospital, whether for a scheduled procedure or as the result of a sudden injury or illness, are typically anxious about a lot of things. Most don’t consider, however, the possibility of a ransomware attack and what that could mean for their care – and their safety.
Ransomware attacks involve hackers getting malicious software (malware) into business systems to disrupt their operations. They then demand the victim pay a ransom to get their systems back up and running. These ransom demands can run well into six figures, depending on the size of the business and how crucial these systems are to them.
Why hospitals are popular targets
These attacks have become a serious problem in recent years for hospitals and other medical facilities of all sizes. Large hospitals are especially popular targets because they rely on a multitude of systems not just for patient monitoring and care but to store highly confidential patient information that doctors and nurses need to access to treat patients.
Hospitals, like other businesses, often pay the ransom demanded by the hackers to get their systems up and running again even though law enforcement advises against it. Too often they don’t report the attack because it can harm their reputation. Unfortunately, that can mean patients and families are kept in the dark about the fact that patient care can be seriously compromised.
Researchers have been working to determine how much harm ransomware attacks have had on patients. There’s no doubt that people have been harmed – in some cases fatally.
Questions to consider regarding liability
Holding hospitals liable for this harm caused by cyberattacks can be tricky. Among the questions that judges and juries will need to consider are the following:
- Could the attack have been avoided if the facility had implemented better cybersecurity measures?
- Were there back-up systems and practices in place to protect patients?
- Did hospital personnel notify patients and relatives of the attack and how it could affect their care so they had the option to postpone a procedure, for example, or move to another facility, if possible?
- Were local emergency services agencies notified so they could take patients to other hospitals?
Like any kind of malpractice claim, negligence is key to determining liability. If you or a loved one has been harmed or worse as the result of a hospital ransomware attack, it’s wise to get legal guidance to determine your next steps accordingly.