Respected Attorneys To Protect Your Rights

Will losing federal funding spur better hospital cybersecurity?

On Behalf of | May 27, 2024 | Medical Malpractice |

You’ve probably seen the new reports of ransomware attacks on large hospital systems throughout the country in recent years. Even more of these attacks go unreported because the victims don’t want the public to know about them. They’ve paid the ransom to the hackers. That’s one reason why the exact data on patient harm and fatalities caused by these attacks isn’t known.

Of course, all kinds of businesses and even public entities can be the victims. Hospitals are among the most profitable targets, however, because the stakes are so high for them. If their patient monitoring equipment, electronic health record (EHR) systems and more aren’t functioning, it can potentially mean the difference between life and death. The confidentiality of patient data is also at risk.

While not all attacks are preventable, some can be with the proper safeguards in place. That’s why the Centers for Medicare & Medicaid Services (CMS) has announced that it will start making “cyber hygiene” one of the factors it uses to determine whether a hospital or other medical facility receives federal funding.

This will include requiring hospitals to use digital security tools like multi-factor authentication (MFA). As one official with the Biden administration says, they will be “homing in on those key cybersecurity practices that we really do believe bring a meaningful impact.”

Can a hospital be held liable for patient harm resulting from a ransomware attack?

These legal claims are likely to become more common as these attacks become more widely reported. A hospital’s liability for patient harm depends on a number of factors. For example:

  • Did its inadequate cybersecurity allow the attack?
  • Did it have backup systems to replace those that didn’t function during the attack?
  • Were patients notified of the attack and its effect on their care?
  • Were the appropriate authorities and local agencies notified so that emergency cases could be sent elsewhere?

If you believe that you or a loved one suffered harm or worse as the result of a ransomware attack that was preventable and/or mishandled, it’s wise to get legal guidance as soon as possible to determine whether you have a valid malpractice claim.