Hospital ransomware attack caused baby’s death by shutting down heart rate display, lawsuit claims

Lawyers for Teiranni Kidd accused Springhill Hospital in Alabama of negligence over the ‘preventable’ death of her daughter Nicko during a cyberattack

Independent Staff
Thursday 30 September 2021 21:04
<p>Cyber attacks are on the increase across the United States</p>

Cyber attacks are on the increase across the United States

Leer en Español

An Alabama woman whose baby died during a ransomware attack on the hospital where she was giving birth has sued the institution for negligence and wrongful death.

In court papers filed last June, lawyers for Teiranni Kidd of Mobile, Alabama accuse Springhill Memorial Hospital and its parent company of not doing enough to prevent the cyberattack and of conspiring to hide its severity.

Ms Kidd’s daughter, Nicko, was born in July 2019 with her umbilical cord wrapped around her neck, which elevated her heart rate, gave her severe brain damage, and led to her death nine months later.

The problem normally have been visible on a large screen at the central nurses’ station, but that system had been locked down by hackers demanding a ransom payment, leaving only a paper print-out at Ms Kidd’s bedside to register the danger.

“Teiranni Kidd... was not told that the hospital's computer systems had been hacked, that they were not operating as needed, and that patient safety was implicated and could be compromised,” the lawsuit says.

It then describes how the ransomware shut down the hospital’s computer systems for days on end, forcing nurses and doctors to use outdated paper heartbeat charts and hand-delivered documents.

“Nurses and other healthcare personnel were forced to use outdated paper charting methods and paper documentation to record and document Teiranni’s labour and Nicko's delivery,” it says.

“Some of the paper forms used outdated terminology and had not been used in years...

“As a result, the number of healthcare providers who would normally monitor her labour and delivery was substantially reduced, and important safety-critical layers of redundancy were eliminated.”

The suit contends that if Ms Kidd had known the extent of the cyberattack she would have chosen to have her baby elsewhere.

Ms Kidd’s complaint, first reported by The Wall Street Journal on Thursday, was originally filled in January 2020 and amended that June after Nicko’s death.

If her claims are proven, it would be first death conclusively tied to ransomware attacks, which have sown chaos around the world by shutting down computer systems in hospitals, transport networks, gas pipelines and beyond.

Springhill Hospital denies any wrongdoing. Its chief executive Jeffrey St Clair told the Journal that it had stayed open because patients needed its services and its physicians had deemed it safe to do so.

According to the Journal, court documents show how Springhill medics scrambled to keep their hospital running in the wake of the attack, which had reportedly been running for eight days when Ms Kidd arrived.

“We have no computer charting for I don’t know how long,” one manager said. “I want to run away,” said a nurse in a text message.

Jeffrey Planchard, an anaesthesiologist who worked at Springhill during the outage, told the Journal that losing access to medical records “put lives at risk”.

He said that usually, nurses would “instinctively” check the main screen throughout the day, but instead it fell to a single nurse on Ms Kidd’s ward to notice the problem on printouts from a bedside heart rate monitor.

In the aftermath of Nicko’s birth, text messages published by the Journal show Katelyn Parnell, the attending obstetrician, telling the nurse manager: "I need u to help me understand why I was not notified."

To another colleague, she texted: “It just sucks. Totally preventable. I know bad things happen and sometimes you can't control it, but this was preventable.”

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in