A lawsuit is alleging that a 2019 ransomware attack on Mobile, Ala.-based Springhill Medical Center resulted in a baby's death, according to a Sept. 30 report by The Wall Street Journal.
In July 2019, the hospital said it was operating without the full function of its computer systems. The facility shut down its network for nearly eight days because of a ransomware attack. Patient records were inaccessible, medical staff were cut off from equipment used to monitor fetal heartbeats, and more.
The attack is now allegedly linked to the first hospital death caused by a ransomware attack, if the suit holds up in court.
When Teiranni Kidd went to the hospital to deliver her baby, she said she had no idea the hospital was in the middle of a ransomware attack, the Journal reported. Her daughter was born at the hospital with her umbilical cord wrapped around her neck. The baby suffered severe brain damage due to the umbilical cord being wrapped around her neck and she died nine months later.
Katelyn Parnell, MD, attending OB-GYN at the hospital, texted the nurse manager that she would have delivered the baby by cesarean section had she seen the monitor readout.
"I need u to help me understand why I was not notified," Dr. Parnell said in text messages obtained by the Journal. Dr. Parnell said in another text: "This was preventable."
Ms. Kidd is suing the hospital, claiming the ransomware attack prevented Dr. Parnell from learning about the baby's condition, the Journal reported. The suit alleges the ransomware attack disrupted how the nurses could monitor the baby's heart rate at the nurses' station, the Journal reported.
The hospital has denied any wrongdoing.
Jeffery St. Clair, CEO of the hospital, told the Journal, "We stayed open and our dedicated healthcare workers continued to care for our patients because the patients needed us and we, along with the independent treating physicians who exercised their privileges at the hospital, concluded it was safe to do so."
Dr. Parnell said in court filings she had been aware of the ransomware attack, but she believed it was safe for Ms. Kidd to deliver her baby at the hospital, the Journal reported. The hospital claimed in a motion that any obligation to inform Ms. Kidd about the hack fell on Dr. Parnell, who has not yet responded to that motion.
The lawsuit reveals that some employees are claiming they were initially in the dark about the attack, the Journal reported. Computers had notes taped on them saying EHRs were down until further notice. One physician wrote in a message submitted as evidence, "I heard it was ransomware."
Amid the attack, a hospital spokesperson told WPMI that no patient information or patient care was affected by the cybersecurity incident.