Mom blames baby’s death on hospital attacked by ransomware

An Alabama woman whose 9-month-old daughter died has filed a suit against the hospital where she was born claiming it did not disclose that its computer systems had been crippled by a cyberattack, which resulted in diminished care that resulted in the baby’s death.

Springhill Medical Center was besieged by a ransomware attack when Nicko Silar was born July 17, 2019.  The resulting failure of electronic devices meant a doctor could not properly monitor the child’s condition during delivery, according to the lawsuit by Teiranni Kidd, the child’s mother. 

“The number of health care providers who would normally monitor her labor and delivery was substantially reduced and important safety-critical layers of redundancy were eliminated,” the suit claims.

Left with severe brain injuries and other problems, the baby died last year after months of intensive care at another hospital.

The lawsuit, initially filed in Mobile County in 2019 while Nicko was still alive, was first reported by The Wall Street Journal on Thursday.

A wide range of businesses, schools, government agencies and other organizations have increasingly fallen prey to ransomware attacks, in which cybercriminals cripple or seize control of their computer systems and demand payment. Such schemes have even the rise of “ransomware-as-a-service,” in which criminal groups sell or rent their hacking software or services to those who want to carry out cyberattacks to extort victims.

Inside look at cybercriminal market “Genesis”… 04:03

Kidd’s malpractice lawsuit, which seeks an unspecified amount of money from the hospital and Dr. Katelyn Braswell Parnell, who delivered Nicko, contends Springhill did not reveal the severity of the cyberattack publicly or to Kidd. The woman “would have gone to a different and safer hospital for labor and delivery” had she known what was going on, it claims.

Springhill has denied wrongdoing and asked a judge to dismiss the most serious part of the lawsuit, which contends officials conspired to publicly create a “false, misleading, and deceptive narrative” about the cyberattack in a scheme that made the child’s delivery unsafe.

The hospital claimed any blame lies with Parnell, who “was fully aware of the inaccessibility of the relevant systems, including those in the labor and delivery unit, and yet determined that (Kidd) could safely deliver her at Springhill.” Under Alabama law, the hospital did not have any legal duty to provide Kidd with details of the cyberattack, the hospital argued.

The suit however, holds the hospital accountable, stating that Springhill Memorial acted “vicariously by and through its agents, servants and employees.” 

Parnell and her medical group, Bay Area Physicians for Women, denied she did anything that hurt Nicko or caused the child’s injuries and death.

Springhill released a public statement about the cyberattack the day before the child was born saying staff “has continued to safely care for our patients and will continue to provide the high quality of service that our patients deserve and expect,” WKRG-TV reported at the time.