Recent cyberattacks including ransomware attacks on large health care systems, hospitals, and other health care providers that effect the provision of health care to patients and access to patient records that may harm patient safety are being cited in an increasing number of medical malpractice cases as causing or contributing to unnecessary harm suffered by patients. If patient care is delayed or unavailable due to a cyberattack for which the health care provider was negligent in preventing or limiting the harm caused by the intrusion, it is increasingly common that a personal injury claim may result.
Greater Baltimore Medical Center (“GBMC”) in Baltimore County, Maryland issued the following statement after a ransomware attack caused mayhem: “On the morning of Sunday, December 6, 2020, GBMC HealthCare detected a cyber incident that impacted information technology systems. GBMC has begun restoring its electronic medical record system, after being taken offline as a precaution. Our telephone and email systems are again functional. While GBMC regrets the incident caused some procedures to be rescheduled, this step was the prudent thing to do. We are confident we are on the right path and our work to provide the COVID-19 vaccine is on course.”
Becker’s Health IT reported: “Towson, Md.-based Greater Baltimore Medical Center HealthCare began restoring its EHR system Jan. 6 after a December ransomware attack shut down many of its IT systems. In addition to the EHR, the cyberattack disrupted GBMC’s communication and data infrastructure systems, leaving the hospital to shut them down as a precaution. GBMC continued operations during the downtime but did reschedule some procedures. GBMC said there is no evidence any patient information has been misused and is working with law enforcement to investigate the incident. “We were attacked, and all our tightly connected computer systems went down. In addition, we have telephones that work via computers; they went down, as well,” GBMC President and CEO John Chessare, MD, said in a note and video message to patients Jan. 6, according to The Baltimore Sun. Dr. Chessare said patients were unable to view their medical records online or communicate through the hospital’s MyChart patient portal for the month following the attack. He confirmed Jan. 6 that those functions are restored and available to patients.”
Mandiant, Inc. (formerly known as FireEye, Inc.), which self-describes as the leader in dynamic cyber defense and response, issued a report of October 7, 2021 in which it stated: “FIN12 is a financially motivated threat group, active since at least October 2018, that specializes in the post-compromise deployment of primarily RYUK ransomware. Instead of conducting multifaceted extortion, FIN12 appears to prioritize speed and higher revenue victims … The majority of observed FIN12 victims have been based in North America, but their regional targeting has been expanding in 2021 throughout other regions, including Europe and Asia Pacific. We have observed FIN12 victims in nearly every industry, but notably 20 percent of these organizations have been based in the healthcare sector … unlike most ransomware threat actors, FIN12 has repeatedly targeted healthcare organizations.”
If you or a loved one may have been injured (or worse) as a result of a hospital ransomware attack (hospital cyberattack) in Maryland or in another U.S. state, you should promptly find a Maryland medical malpractice lawyer, or a medical malpractice lawyer in your state, who may investigate your medical malpractice claim for you and represent you or your loved one in a medical malpractice case, if appropriate.
Click here to visit our website or call us toll-free in the United States at 800-295-3959 to find medical malpractice attorneys in your U.S. state who may assist you.
Turn to us when you don’t know where to turn.