Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
United Kingdom

Officials Query if Any Deaths Directly Linked To UK Hospital Hack (bloomberg.com) 27

Officials are asking if this month's UK hospital hack resulted in fatalities. From a report: As the fallout from a cyberattack affecting hospitals in London enters its third week, doctors have been asked to report any deaths or other serious harms directly linked to the incident. On June 3, a group of ransomware hackers compromised a lab services provider, Synnovis, and locked down the company's systems, triggering major disruptions at hospitals and clinics in South East London. In the first week, doctors delayed 800 planned operations and 700 outpatient appointments and resorted to handwritten records, while a hospital solicited blood from its own clinical workers after the hack. Some of the worst interruptions have been resolved, but many services still haven't been restored.

[...] But amid the recovery, health officials last week circulated a so-called "harms monitoring" form to doctors and clinicians, asking them to record the human toll of the cyberattack. The form, which I have seen, seeks to categorize the damage through a series of questions ranging from minor to major, including "patient died as a DIRECT result of the incident."

This discussion has been archived. No new comments can be posted.

Officials Query if Any Deaths Directly Linked To UK Hospital Hack

Comments Filter:
  • by geekmux ( 1040042 ) on Wednesday June 19, 2024 @12:33PM (#64561369)

    ”patient died as a DIRECT result of the incident."

    While I can somewhat understand one’s bloodlust to pin murder charges on hackers after losing a loved one, enabling a statement like that practically opens the door for any malpractice to be swept under it.

    As if all those COVID “risk mitigation” tactics have been forgotten..

    • by sunderland56 ( 621843 ) on Wednesday June 19, 2024 @12:50PM (#64561427)

      Shouldn't any legal blame be put on the hospital/government's horribly bad security practices? If you don't lock your car door and it gets stolen, it's at least partially your fault.

      • Shouldn't any legal blame be put on the hospital/government's horribly bad security practices?

        Sure. Which senior executive do you think they should fire and arrest because they checked the funding box next to “quarterly bonus” instead of “critical IT concerns, version 17” for the last 17 fiscal quarters? We know where the legal and actual blame likely resides, with a probable paper trail of email evidence. Needless to say some hapless IT head will roll as the expected fall person instead.

        • Blame, fault, liability, responsibility, accountability. Although they're related, they're all different concepts and many people struggle with the nuance.

          The criminals who caused the damage through the cyberattack absolutely need to be held accountable for their actions. Any deaths are homicide, which helps with extradition. They committed the crimes, and ultimately fault lies there. Even if the hospitals had zero protections in place, the attackers committed the attack and remain at fault.

          Completely s

      • Read your EULA. If you dare.

        Actually, should be "If you can understand the EULA, you can understand ANYTHING." But the key part is that it ain't their fault and you can't do nuttin' about it. No matter how egregious or negligent "it" was.

      • by sjames ( 1099 )

        If someone kicks in your front door and steals all your stuff, who do YOU think should get the blame? Will you take the "high road" and tell your homeowner's insurer not to cut a check because you should have had a stronger door? If the theft included an important medical device, do YOU take full responsibility for the consequent worsening health of you or your family member? Hold the thug that kicked your door harmless?

        Perhaps you SHOULD have had a stronger door, but the crime and consequent damage is sti

      • by mjwx ( 966435 )

        Shouldn't any legal blame be put on the hospital/government's horribly bad security practices? If you don't lock your car door and it gets stolen, it's at least partially your fault.

        Ultimately it lies at the current outgoing government for underfunding and demonising the NHS, but the buck never stops at the Conservatives, always someone else's fault.

        However that's not what is happening here. We're a bit far away from finger pointing, right now senior NHS officials are just trying to quantify the effects, measure how big the problem was, how severe, et al. They're after the "what" rather than the "how" or "why" of it at the moment.

        An actual inquiry into it (and there will be an of

    • You really don't understand the definition of malpractice.

    • by sjames ( 1099 )

      OTOH, that statement may, in some cases, be entirely true. How do you feel about banning all claims of mechanical failure for auto accidents because it could be used as a cover for driver negligence?

  • by CEC-P ( 10248912 ) on Wednesday June 19, 2024 @12:40PM (#64561395)
    Hey, former Ascension employee (well, contractor) here. Several people have died because of their ransomware incident. So no matter what number they come up with in this similar case, I can almost guarantee it's not zero.
    • Re: (Score:2, Interesting)

      Hey, former Ascension employee (well, contractor) here. Several people have died because of their ransomware incident. So no matter what number they come up with in this similar case, I can almost guarantee it's not zero.

      Have you provided evidence of your claims to the appropriate police authority?

      If you have not done that after claiming you have knowledge of these deaths in a public forum...

      ...then you might be charged with "Withholding Evidence In A Criminal Investigation" ... or whatever it is called in the UK.

      • by CEC-P ( 10248912 )
        Ascension and that socialist UK garbage are two completely different companies. I'm just saying that from personal experience, this level of disruption is causing deaths since it did here.
  • hospital computer and he installed malware that changed the readings on glucose monitors. It resulted in dozens of patients being killed with a lethal dose of insulin. I'm a diabetic and I refuse to be hooked up to the Internet with my glucose monitor. IMHO.
  • I realize this is about the UK.

    IANAL, but my understanding is that in most states, if a person dies as a result of criminal actions of a second person, that person is guilty of murder, regardless of intent.

    So, had this been the US instead of the UK, there would be reasonable grounds for murder charges against the hacker.

    • by sconeu ( 64226 )

      Oops. I was wrong. I was thinking of Felony Murder, and that depends upon the crime being committed, and those tend to be violent crimes.

      Please ignore the parent post.

    • I suspect that it would be in the UK too. The problem is catching the perps. Even if you could identify them, they are probably either state sponsored or in a country that has no extradition agreement.
    • by jabuzz ( 182671 )

      It would be manslaughter in the UK. Murder requires the intention to kill or inflict serious bodily harm that could reasonably foreseen to risk death. Proving that would be next to impossible in a court of law so you go manslaughter which is where reckless action results in a death.

    • For the US it would likely be grounds for kinetic retaliation...

    • by mjwx ( 966435 )

      I realize this is about the UK.

      IANAL, but my understanding is that in most states, if a person dies as a result of criminal actions of a second person, that person is guilty of murder, regardless of intent.

      So, had this been the US instead of the UK, there would be reasonable grounds for murder charges against the hacker.

      Manslaughter in the UK. we separate out the charges of murder (intentional killing) and manslaughter (unintentional killing). Whilst this is a clear case of corporate negligence, I highly doubt anyone will be done for manslaughter. The UK is almost as bad as the US at punishing corporate malfeasance.

      Manslaughter can be a pretty serious charge, I.E. when a person is well aware their actions could cause death but did them anyway (OTOH, it can be fairly light, people cam easily walk from vehicular manslaugh

  • So now these cyber attacks are targeting hospitals shouldn't this be considered an act of war? But it's underground hackers in semi random countries. No problem. Get some mercenaries to make a few examples. A pillow case over the head, a trip in a windowless van, some Biff's and Biff's, and maybe removed genitals. The people carrying out these attacks will start to get the message
  • It's truly concerning how cyberattacks can impact real lives in such a direct and devastating manner. A few years back, our local hospital faced a similar crisis when their systems were compromised. I remember the chaos and delays in critical treatments like chemotherapy and surgeries. It made me realize the importance of resilience in healthcare systems and the need for backup plans. Speaking of support, I've found that natural remedies like lymphatic drainage drops [amazon.com] can aid in recovery and overall wellness

"For the love of phlegm...a stupid wall of death rays. How tacky can ya get?" - Post Brothers comics

Working...