Officials Query if Any Deaths Directly Linked To UK Hospital Hack (bloomberg.com) 26
Officials are asking if this month's UK hospital hack resulted in fatalities. From a report: As the fallout from a cyberattack affecting hospitals in London enters its third week, doctors have been asked to report any deaths or other serious harms directly linked to the incident. On June 3, a group of ransomware hackers compromised a lab services provider, Synnovis, and locked down the company's systems, triggering major disruptions at hospitals and clinics in South East London. In the first week, doctors delayed 800 planned operations and 700 outpatient appointments and resorted to handwritten records, while a hospital solicited blood from its own clinical workers after the hack. Some of the worst interruptions have been resolved, but many services still haven't been restored.
[...] But amid the recovery, health officials last week circulated a so-called "harms monitoring" form to doctors and clinicians, asking them to record the human toll of the cyberattack. The form, which I have seen, seeks to categorize the damage through a series of questions ranging from minor to major, including "patient died as a DIRECT result of the incident."
[...] But amid the recovery, health officials last week circulated a so-called "harms monitoring" form to doctors and clinicians, asking them to record the human toll of the cyberattack. The form, which I have seen, seeks to categorize the damage through a series of questions ranging from minor to major, including "patient died as a DIRECT result of the incident."
Cover for malpractice. (Score:3)
”patient died as a DIRECT result of the incident."
While I can somewhat understand one’s bloodlust to pin murder charges on hackers after losing a loved one, enabling a statement like that practically opens the door for any malpractice to be swept under it.
As if all those COVID “risk mitigation” tactics have been forgotten..
Re:Cover for malpractice. (Score:4, Interesting)
Shouldn't any legal blame be put on the hospital/government's horribly bad security practices? If you don't lock your car door and it gets stolen, it's at least partially your fault.
Re: (Score:3)
Shouldn't any legal blame be put on the hospital/government's horribly bad security practices?
Sure. Which senior executive do you think they should fire and arrest because they checked the funding box next to “quarterly bonus” instead of “critical IT concerns, version 17” for the last 17 fiscal quarters? We know where the legal and actual blame likely resides, with a probable paper trail of email evidence. Needless to say some hapless IT head will roll as the expected fall person instead.
It's more complex. (Score:3)
Blame, fault, liability, responsibility, accountability. Although they're related, they're all different concepts and many people struggle with the nuance.
The criminals who caused the damage through the cyberattack absolutely need to be held accountable for their actions. Any deaths are homicide, which helps with extradition. They committed the crimes, and ultimately fault lies there. Even if the hospitals had zero protections in place, the attackers committed the attack and remain at fault.
Completely s
Re:Cover for malpractice. [NOT LIABLE] (Score:2)
Read your EULA. If you dare.
Actually, should be "If you can understand the EULA, you can understand ANYTHING." But the key part is that it ain't their fault and you can't do nuttin' about it. No matter how egregious or negligent "it" was.
Re: (Score:2)
If someone kicks in your front door and steals all your stuff, who do YOU think should get the blame? Will you take the "high road" and tell your homeowner's insurer not to cut a check because you should have had a stronger door? If the theft included an important medical device, do YOU take full responsibility for the consequent worsening health of you or your family member? Hold the thug that kicked your door harmless?
Perhaps you SHOULD have had a stronger door, but the crime and consequent damage is sti
Re: (Score:2)
Shouldn't any legal blame be put on the hospital/government's horribly bad security practices? If you don't lock your car door and it gets stolen, it's at least partially your fault.
Ultimately it lies at the current outgoing government for underfunding and demonising the NHS, but the buck never stops at the Conservatives, always someone else's fault.
However that's not what is happening here. We're a bit far away from finger pointing, right now senior NHS officials are just trying to quantify the effects, measure how big the problem was, how severe, et al. They're after the "what" rather than the "how" or "why" of it at the moment.
An actual inquiry into it (and there will be an of
Re: (Score:2)
You really don't understand the definition of malpractice.
Re: (Score:2)
OTOH, that statement may, in some cases, be entirely true. How do you feel about banning all claims of mechanical failure for auto accidents because it could be used as a cover for driver negligence?
Not zero (Score:3)
Re: (Score:2, Interesting)
Hey, former Ascension employee (well, contractor) here. Several people have died because of their ransomware incident. So no matter what number they come up with in this similar case, I can almost guarantee it's not zero.
Have you provided evidence of your claims to the appropriate police authority?
If you have not done that after claiming you have knowledge of these deaths in a public forum...
...then you might be charged with "Withholding Evidence In A Criminal Investigation" ... or whatever it is called in the UK.
Re: (Score:2)
Years ago a Law & Order featured a hacker into (Score:1)
In the US, this would be murder... (Score:2)
I realize this is about the UK.
IANAL, but my understanding is that in most states, if a person dies as a result of criminal actions of a second person, that person is guilty of murder, regardless of intent.
So, had this been the US instead of the UK, there would be reasonable grounds for murder charges against the hacker.
Re: (Score:2)
Oops. I was wrong. I was thinking of Felony Murder, and that depends upon the crime being committed, and those tend to be violent crimes.
Please ignore the parent post.
Re: (Score:2)
Re: (Score:2)
It would be manslaughter in the UK. Murder requires the intention to kill or inflict serious bodily harm that could reasonably foreseen to risk death. Proving that would be next to impossible in a court of law so you go manslaughter which is where reckless action results in a death.
Re: (Score:2)
For the US it would likely be grounds for kinetic retaliation...
Re: (Score:2)
I realize this is about the UK.
IANAL, but my understanding is that in most states, if a person dies as a result of criminal actions of a second person, that person is guilty of murder, regardless of intent.
So, had this been the US instead of the UK, there would be reasonable grounds for murder charges against the hacker.
Manslaughter in the UK. we separate out the charges of murder (intentional killing) and manslaughter (unintentional killing). Whilst this is a clear case of corporate negligence, I highly doubt anyone will be done for manslaughter. The UK is almost as bad as the US at punishing corporate malfeasance.
Manslaughter can be a pretty serious charge, I.E. when a person is well aware their actions could cause death but did them anyway (OTOH, it can be fairly light, people cam easily walk from vehicular manslaugh
Re: (Score:2)
Black windowless vans , pillow cases, and ski mask (Score:1)