A lawsuit filed in Alabama may signal the first time a ransomware attack has specifically been blamed for a U.S. fatality. The victim in the case was a newly born infant and the child’s mother alleges she was never informed that the hospital had been cut off from vital communication systems necessary for the proper operation of fetal heartbeat monitors.
A ransomware attack occurs when a hacker group – generally either state sponsored or otherwise heavily funded – writes a computer exploit that renders a computer system inoperable unless a sum of money is paid to unlock it. The ransom is payable only by cryptocurrency to keep the recipient obfuscated.
In the Alabama case, medical professionals had no way of knowing that Teriranni Kidd’s child’s umbilical cord was wrapped around her neck until it was too late. The lack of oxygen and blood to the infant’s brain caused a severe neurological injury and she died nine months later.
While the hospital denies any wrongdoing in the tragedy, messages sent internally between staff in the labor unit show a department in chaos and operating almost completely in the blind. Kidd alleges that had she known that the hospital was under attack and lacked critical infrastructure necessary to safely deliver her child, she would have gone somewhere else.
In an internal message to the unit’s head nurse, attending obstetrician Katelyn Parnell indicated that had she been aware of the situation regarding the newborn, she would have opted for a cesarean section. “I need u to help me understand why I was not notified,” she wrote. “This was preventable.”
The attack that killed the child is believed to have originated out of Russia by a group that has been attacking U.S. healthcare facilities since 2018.
