Ms. Kidd has sued Springhill, alleging information about the baby’s condition never made it to Dr. Parnell because the hack wiped away the extra layer of scrutiny the heart rate monitor would have received at the nurses’ station. If proven in court, the case will mark the first confirmed death from a ransomware attack.
The hospital denies any wrongdoing. In an emailed statement to The Wall Street Journal, Springhill CEO Jeffrey St. Clair said the hospital handled the attack appropriately: “We stayed open and our dedicated healthcare workers continued to care for our patients because the patients needed us and we, along with the independent treating physicians who exercised their privileges at the hospital, concluded it was safe to do so.”
Dr. Parnell, who is also named as a defendant in the lawsuit, didn’t respond to detailed requests for comment. In a court filing, Dr. Parnell said that she had been aware of the cyberattack, but “believed Ms. Kidd could safely deliver her baby at Springhill” at the time she was admitted.
The hospital is arguing in a motion that any obligation to inform Ms. Kidd about the hack fell on Dr. Parnell, who has not yet responded to that motion.