In September of 2020, German authorities decided that hackers were responsible for the death of a patient re-routed to a second hospital due to the first hospital having been seized by ransomware.
A month later, Yahoo News broke a story about an FBI cyber warning for American hospitals. "Federal agencies warned that cybercriminals could unleash a wave of data-scrambling extortion attempts against the U.S. health care system, an effort that, if successful, could paralyze hospital information systems just as nationwide cases of COVID-19 are spiking."
It wasn't just because of what had happened in Germany, but the proliferation of cybercrimes across critical American industries was viewed as vulnerable and lucrative. The FBI also had a real case to compare back to.
In July of 2019, heart monitors were disabled by ransomware attackers at Springhill Medical Center, Alabama, inside a labor and delivery unit. The attack kept staff from "spotting blood & oxygen deprivation that led to a baby’s death during delivery."
According to court filings, "labor-and-delivery staff were cut off from the equipment that monitors fetal heartbeats, which normally track on a large screen at the nurses’ station and in the delivery room." Even worse was that the attack caused the baby to suffer brain damage and die nine months later. Dr. Katelyn Parnell told the nurse manager that she would have delivered the baby via cesarean section if she’d been able to see the heart monitor’s readout.
Ransomeware gangs are not just a threat to people's bank accounts and private information but also lives. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services know that health-related cybercrime is a genuine possibility. The agencies have published warnings of “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers” since 2020.