For a free consultation, call 1.877.928.9147 or Contact us here

Skip to main content

Can Healthcare Providers be Responsible For Patient Harm Caused by a Ransomware Attack?

It is indisputable that technology has dramatically impacted the advancement of medicine and patient care. For example, information technologies allow medical care providers to store more information, retrieve it quickly and efficiently, and share it when necessary. As a result, the data is more legible, leading to fewer misinterpretations and errors.

Diagnostic equipment and medical devices continue to improve. Telemedicine allows more people to obtain health care more quickly. With the internet, there are volumes of Medicare information available at our fingertips. This can help both doctors and patients when the information is used correctly.

But technology also brings challenges. For example, workers must understand the technology and use it correctly. Additionally, as we all know, we sometimes lose access to our technology due to unexpected hardware or software failure. Such a loss could have a disastrous effect on patient care. Think about how lost most people feel over just a few minutes of internet outage! 

Sometimes, these technology failures cannot be helped. But, in other instances, the problems could have been predicted and avoided. This blog post will discuss ransomware attacks and how they can impact patient health.

What Is a Ransomware Attack?

Words like “hacking,” “malware,” and “ransomware” are problems no one had to bother with before the technological revolution we are currently enjoying. Now, they have become a part of our vocabulary and our life. It has become somewhat common to hear about hacks of major corporations and how the “bad guys” got access to customer data. 

It is routine for people who work for big companies (and probably many small ones, too) to receive training on how to avoid dangerous spam and phishing attacks, to stop hackers from gaining information that will allow them access to sensitive and protected information. 

According to the FBI, ransomware is malicious software (malware) that gets downloaded onto the victim’s computer. The malware can encrypt the data files on the computer, or use other methods that prevent the rightful owner of the data from accessing it. The attacker then demands that a ransom be paid before releasing the data to the owner. The amount of money demanded can be high. The victim of the attack then must decide whether or not to pay the ransom. If it is not paid, there can be a severe disruption of the data owner’s business and activities while access to the data is blocked.

Have Ransomware Attacks Occurred in the Medical Industry?

The answer is “yes.” According to research posted in the JAMA Health Forum, between 2016 and 2021, the number of ransomware attacks on “healthcare delivery organizations” more than doubled. These attacks involved the information of 42 million patients. In addition, the authors found anecdotal evidence that the attacks can threaten patient outcomes. In discussing the research, a Relias Media article noted some of the following disruptions to health care from the attacks:

  • Delayed appointments.
  • Canceled appointments.
  • System downtime.
  • Canceled procedures.
  • Ambulance diversion.

Some of the reported disruptions lasted more than two weeks. 

Can Healthcare Providers Be Liable if the Ransomware Causes Harm to a Patient?

While this area of the law is still in its infancy, if the circumstances demonstrate that the healthcare provider acted negligently and that negligence harmed a patient, recovery should be available, just like any other negligence case. 

As with all negligence cases, the jury would be asked to determine if the defendant’s provider acted reasonably. For example, it would not be reasonable for a company to completely ignore the threat of ransomware and hacking in today’s environment. Whether the provider instituted sufficient protections would likely be a jury question.

In a real-life example in a case filed in Alabama, the plaintiffs contend that their newborn child died because the hospital lost access to important data for eight days due to a ransomware attack. The lawsuit alleges that fetal heart rate monitoring stopped working, and that a combination of problems resulting from the ransomware attack caused the child’s death. Likely, the result in such a case would determine whether the healthcare provider was prepared for the ransomware attack and how the provider responded to the attack. 

Call with Questions

If you or a loved one suffers injury for any reason while receiving health care, you will likely have questions about your rights. At Nelson MacNeil Rayfield, we have experienced lawyers who routinely deal with medical malpractice and negligence cases. We are equipped to investigate cases and provide representation if you need it. We will happily answer any questions you have about your circumstances in a free consultation. We know how important it is to hold negligent wrongdoers accountable for their actions to ensure everyone is safer.