Many hospitals have been targeted in ransomware attacks by hackers—and in one Alabama hospital, an attack may have caused staff to miss concerning signs that ultimately led to a baby's death, the Wall Street Journal reports.

Access our cybersecurity resource library

Hospitals increasingly targeted by ransomware attacks

According to the Journal, ransomware was a "novelty" in the cybercrime world a decade ago. But it has since become more sophisticated, causing major outages of critical infrastructure and the loss of hundreds of millions of dollars.

3 steps to (finally) address your cybersecurity 'elephant in the room'

Hospitals are increasingly targets of ransomware attacks, the Journal reports, largely because hackers assume hospital executives will pay quickly to restore lifesaving resources.

One prominent ransomware hacking group is Ryuk, which is based in Russia. Since 2018, the group has attacked at least 235 hospitals and inpatient psychiatric facilities, along with dozens of other health care facilities in the United States, the Journal reports. According to Coveware, a ransomware negotiation firm, Ryuk's average ransom demand is just under $700,000. Chainalysis, a bitcoin analysis firm, said the group collected at least $100 million in ransom payments last year.

In May, the Federal Bureau of Investigation warned ongoing ransomware attacks on medical providers and first responders could endanger the public and risk medical care delays. In addition, Joshua Corman, a senior advisor at the Cybersecurity and Infrastructure Security Agency, said ransomware can lead to dire consequences for hospitals and patients.

"We can see that a cyberattack can strain [hospitals] enough to contribute to excess deaths," Corman said.

Under attack, an Alabama hospital struggled to monitor patients

On July 8, 2019, Springhill Medical Center was hit by a ransomware attack—likely orchestrated by the hacking group Ryuk, the Journal reports. According to a hospital spokesperson, the hospital refused to pay the ransom, instead shutting down its network for at least three weeks before systems returned to normal.

What happens when hackers target your hospital? Sky Lakes Medical Center and Asante are sharing their biggest lessons learned.

During the network outage, nursing staff and doctors struggled to perform routine tasks, like accessing medical records and monitoring patients' vital signs. In the labor and delivery unit, staff were unable use a central monitoring system at the nurses' station, which showed real-time vital signs of patients in 12 delivery rooms. This monitor usually helped staff members closely track potential complications in their patients.

Without it, nurses placed patients in rooms closest to the nurses' station and turned up the volume on their bedside fetal heart monitors. Nurses were instructed to stay in or near their patients' rooms, and they routinely checked a paper readout from the fetal heart monitors.

Teiranni Kidd was one of the patients in the hospital's labor and delivery unit during the outage, the Journal reports. Around an hour before she gave birth, the printout of the fetal heartbeat monitor in her room showed that her baby had an abnormally fast heartbeat.

According to nurses specializing in obstetrics and newborns, an abnormal increase in heart rate can mean that an entangled umbilical cord has cut off blood and oxygen to the fetus. Doctors commonly choose to deliver a baby by C-section in these cases due to the potential for brain injuries.

However, only one person was monitoring Kidd's vital signs at the time, the Journal reports, and it's unclear whether the attending nurse noticed the rising heart rate or how it was interpreted.

"If that nurse didn't recognize it, it would have gone unnoticed," said Jeffrey Planchard, an anesthesiologist at Springhill at the time who now works for Mount Sinai Hospital in Chicago.

Toolkit: Assess your current approach to third-party risk management

Later that day, Kidd's baby, Nicko, was born unresponsive with her umbilical cord wrapped around her neck. Nicko was soon transferred to the neonatal ICU at a nearby hospital and later diagnosed with significant brain damage.

A day after Kidd's delivery, the nurse manager examined Kidd's heart monitor printout for "what [they] missed or if [they] could have called [the attending doctor] sooner." After reviewing the printout on her own, Katelyn Parnell, the attending obstetrician, said she would have performed a C-section if she had been notified of the change in heart rate sooner, the Journal reports.

"I need [you] to help me understand why I was not notified," Parnell wrote in a text to the nurse manager. In another text she wrote, "[T]his was preventable."

The first alleged ransomware death

According to Kidd, she was not aware of the ransomware attack when she was admitted to the hospital. In January 2020, she filed a medical malpractice lawsuit against Springhill in the Circuit Court of Mobile County, later amending it when her daughter died in April 2020.

In her lawsuit, Kidd alleges information about her baby's condition never reached Parnell because the attack removed the extra scrutiny the heart rate monitor would have received at the nurses' station, the Journal reports. If Kidd's allegations are proven in court, the case will be the first confirmed death from a ransomware attack.

In response to the lawsuit, Springhill has denied any wrongdoing. Jeffrey St. Clair, Springhill's CEO, said the hospital handled the ransomware attack appropriately.

"We stayed open and our dedicated health care workers continued to care for our patients because the patients needed us and we, along with the independent treating physicians who exercised their privileges at the hospital, concluded it was safe to do so," St. Clair said. (Poulsen, et al., Wall Street Journal, 9/30)