Cyberattacks typically involve hackers getting into a business’s or organization’s systems and making them unusable. They’re often called ransomware attacks because hackers generally require victims to pay to get the use of their systems back.
While it may seem particularly egregious to level these attacks on hospitals, they are often the victims. Their systems house a trove of patient information that needs to be kept private, and they’re heavily reliant on their systems to treat patients. Therefore, they may be willing to pay a great deal to get them back, even though law enforcement discourages that.
How a cyberattack disrupts the functioning of a hospital
Among the elements of care that can be rendered unusable during a cyberattack are monitoring and imaging equipment, communication software, electronic health record (EHR) systems and telehealth platforms. Hospitals are heavily reliant on electronic systems for patient information, communication among staff members who are treating a patient throughout the day and night and much more.
Not only can patients already in the facility be at risk, but a hospital under attack has to limit new patients until it can be resolved. Getting these systems up and running again can literally be a matter of life or death.
What is the cost in patient lives?
It’s hard to know precisely how significantly a ransomware attack can affect patient outcomes. One study determined that it increased the mortality rate from 3% to 4%. It’s likely higher since it’s hard to determine how often delays in treatment caused by a ransomware attack cause fatalities.
While hospitals typically are victims, just as patients are, the costs to patients can be their health and even their lives.
Do patients and families have recourse?
One of the first malpractice suits involving a cyberattack involved the death of a baby who, according to the suit, didn’t receive fetal heart rate and other monitoring during and after birth because the systems were down. Further, the hospital allegedly didn’t notify the mother of the attack’s effect on its ability to monitor her baby.
It’s crucial for health care providers to do everything possible to prevent becoming the victim of a cyberattack. Their preventative measures (or lack thereof), the correlation between system or equipment unavailability and a bad patient outcome and other factors need to be weighed to determine whether a hospital was guilty of malpractice due to a cyberattack. It’s crucial to have experienced legal guidance in these cases to seek justice and compensation.