Double Punch For Hospitals: Risk Of Malpractice Lawsuit After Cyber Attack

Some beleaguered healthcare systems, already reeling from ransomware attacks, are finding themselves having to defend what one MD/cybersecurity expert believes will emerge as the most common area of medical malpractice. He foresees a wave of both legitimate and opportunistic lawsuits, from plaintiffs alleging “suboptimal clinical outcomes due to delayed or inappropriate clinical management due to clinical workflow disruption.” In one recent case, the death of an infant was alleged to be the result of inadequate monitoring at a critical period after birth, as the result of compromised electronic systems following a cyberattack.

According to one attorney, these cases are more likely to arise as class actions than individual claims, and providers should now consider this risk when they formulate their policies and procedures. She recommends they review recent cases, with their own operations in mind, and ask some probing questions.  “How fulsome was the security risk analysis and subsequent remediation of issues performed by the covered entity? What sort of workforce training was the entity conducting prior to an attack?”