Cyberattacks: A New Frontier Of Medical Malpractice

Recently, a medical malpractice lawsuit has been filed in Alabama over the death of a baby during a ransomware attack. Doctors are increasingly facing risks related to medical malpractice that stem from cyber security issues. The case mentioned above is the first known death related to ransomware and other malware attacks. Another incident in Georgia resulted in charges being filed against the COO of the IT firm tasked with protecting the hospital.

In Alabama, hospital officials paid the ransom to get their computers back working. They claim the attack did not result in any patient harm. However, the parents of a newborn who died blame the attack for their child’s death. The hospital has denied wrongdoing.

Can hospitals be held liable for cyberattacks? 

Yes, of course they can. The problem is that it blurs the line between medical negligence, regular negligence, and other forms of professional negligence. In a case like this, the hospital is responsible for protecting its computers and patient information. If a breach in security causes the hospital infrastructure to go down, the hospital is primarily liable for that failure. However, most hospitals outsource their IT to another company that provides professional IT services to the hospital. While IT services don’t have advanced standard-of-care requirements like the medical industry, they do have professional liability insurance and coverage.

In a lawsuit like this, the plaintiff would name the attending doctor, the hospital, and the company that was providing IT services to the hospital. The hospital will point the finger at the IT company and the IT company will point the finger back at the hospital. However, the attackers are primarily responsible for the patient’s death. Nonetheless, it’s possible that a hospital employee committed some negligence that compromised the hospital’s computer network. So the negligence ping-pongs back and forth between the hospital and the IT company.

Is this a medical malpractice lawsuit? 

That depends entirely on what state the lawsuit is filed in. In Florida, it requires a medical decision for a lawsuit to qualify as medical malpractice. In Virginia, the mere fact that a medical consequence occurred as a result of hospital malpractice is enough to cause the claim to be tried under a medical malpractice theory.

The problem for plaintiffs is that medical malpractice lawsuits are much harder to file and win than other types of personal injury lawsuits. So the plaintiffs often find themselves in the position of attempting to prove that the issue was not related to medical malpractice while the doctors find themselves in the awkward position of proving the claim against them is medical malpractice. How this lawsuit plays out can have a major impact on future claims related to hospital IT security.

Talk to a Charlottesville, VA Medical Malpractice Attorney 

If you’ve been injured due to negligent hospital or health care, call the Charlottesville medical malpractice attorneys at MichieHamlett today to schedule a free consultation and learn more about how we can help.

Resource:

wsj.com/articles/ransomware-hackers-hospital-first-alleged-death-11633008116