You’ve probably read or heard about cyberattacks by hackers who shut down the systems of businesses, government entities and other organizations until they are paid a “ransom.” A favorite target of hackers is health care companies that often manage multiple hospitals. Not only do healthcare companies’ systems contain a treasure trove of confidential information, but they’re also used for everything from electronic health records (EHR) to monitoring newborn babies who are in medical peril.
While law enforcement agencies caution strongly against paying ransom, in some cases, hospitals do just that to resolve the issue quickly and keep it private. Unfortunately, they don’t always inform patients or their loved ones that systems patients rely on for monitoring and numerous other necessary functions aren’t working. They may also decide not to notify local dispatchers to direct first responders to other hospitals.
Researchers have sought to determine how many patients have been harmed or killed due to cyberattacks on hospital systems. While there aren’t definitive statistics yet, there’s no doubt that people have had medical setbacks and even died because hospital systems stopped functioning.
What factors are relevant to hospital liability?
Patients and surviving loved ones sometimes take legal action to hold hospitals liable for the harm done by cyberattacks and how the hospital chose to handle the attack. Among the determiners of liability are whether:
- The attack could have been prevented by better cybersecurity measures.
- The hospital had back-up systems.
- Staff notified patients and family.
During the Biden administration, the U.S. Department of Health and Human Services (HHS), which oversees the Centers for Medicare & Medicaid Services (CMS), took steps to help hospitals improve their “cyber hygiene.” With the new American presidential administration and the new heads of the CMS and HHS, it’s unknown whether such efforts will continue.
If you or a loved one was harmed due to a cyberattack on a hospital or other medical facility, it may be smart to seek legal guidance to help determine your options for seeking justice and compensation.