Contact

Cybersecurity Enforcement in a World Where a Ransomware Attack Led to a Baby’s Death

Published
14 Oct 2021
Read time
4 min read
Category
Security

A US medical malpractice lawsuit (scheduled for trial in November 2022) alleges that a hospital fraudulently failed to disclose an IT outage caused by ransomware to its patients. In this case, healthcare providers couldn’t access electronic medical records or foetal monitoring due to the ransomware attack. Had they been able to, the monitoring would have shown that the plaintiff’s unborn baby was in distress. In its absence, the baby was born with her umbilical cord around her neck resulting in severe complications. She ultimately (and tragically) passed away after months in intensive care.  

You can read more about this here: https://www.databreachtoday.com/lawsuit-hospitals-ransomware-attack-led-to-babys-death-a-17663  

 

Global Regulators Increasingly Focusing on Cybersecurity Enforcement 

With potentially fatal real-world consequences (and with the civil liability landscape for cyber security incidents still in nascent stages), it is unsurprising that regulators around the globe are increasingly turning their head to enforcement for lax cybersecurity. Recently: 

  • The US Department of Justice has just announced a launch of an initiative that will enforce cybersecurity requirements in federal government contracts amongst its suppliers. 
  •  The UK Information Commissioner’s Office fined a transgender charity for failing to keep the personal data of its data subjects secure.  
  • The Danish Data Protection Authority fined a COVID-19 test provider for processing sensitive data without appropriate security measures. In some cases, employees sent health information from their personal phones to the company’s central database via a WhatsApp group. This means that all employees could see all the health information sent by others. 
  • ASIC commenced proceedings against RI Advice Group Pty Ltd for failing to have adequate cyber security systems. See our previous blog post here. 

 

ASIC Announces Cyber Security Priority in Australia 

In addition to increased cybersecurity enforcement, ASIC has expressly announced its intention to intensify its focus on cyber security in its Corporate Plan for 2021 – 25.  In fact, cyber security is one of its four external priorities:  

“Supporting enhanced cyber resilience and cyber security among ASIC’s regulated population, in line with the whole-of-government commitment to mitigating cyber security risks” 

While ASIC’s cybersecurity enforcement capabilities only reach registered companies, financial markets, financial services providers, and credit services providers, organisations outside these industries should still consider the potential impact of global trend towards enforcement for lax cybersecurity.

What Else is Happening in Australia with Cyber Security Regulation? 

The Australian Government, in its discussion paper on Australia’s cyber security strategy, reported that 40% of medium and large-sized Australian businesses did not have any cyber security governance or framework in 2018.  

The paper goes on to suggest three options for cyber security risk management in Australia, before seeking feedback on the potential solutions:  

Option 0: Maintain the status quo.  

Option 1: Voluntary governance standards for larger businesses.  

Option 2: Mandatory governance standards for larger businesses.  

The reforms considered include “stronger cyber security standards for the digital economy, more transparent information about cyber security, and stronger legal remedies for consumers.” The paper also contemplates how the voluntary standard would “strengthen and complement existing director’s duties…”, potentially heralding a future where directors may be held personally liable for cyber security incidents.  

We’ve covered the proposed changes to cyber security regulation here. 

 

Now is the Time to Strengthen Your Organisation’s Cyber Security  

Australian organisations must start to strengthen cyber resilience, cyber security frameworks, and organisational processes to respond to rising pressures and increased cybersecurity enforcement. The specialist team at Privacy 108, led by one of Australia’s foremost privacy experts Dr Jodie Siganto, work with medium and large-sized organisations to develop robust cyber security frameworks. Our cybersecurity lawyers offer: 

  • Cyber awareness programs and training.  
  • Strategic frameworks for minimising the risk of unauthorised data access.  
  • Detection systems and processes. 
  • Data breach responses. 
  • Data loss policies to mitigate potential losses from ransomware or similar.  
  • Cyber-continuity planning. 
  • Criteria for choosing cyber-conscious third-party service providers.  
  • Data sharing contracts between EEA-based and non-EEA companies.  
  • Compliant collaboration and information sharing policies and processes.  
  • Responsive cyber governance programs. 

For more information, get in touch:

 

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Consent
Ready to turn insight into action?
Connect with Privacy 108.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Privacy 108 collects your name and contact details to respond to your enquiry and communicate with you about it. If you do not provide this information, we may be unable to respond. We do not disclose this information to third parties. For more information about how we handle your personal information, including how to access or correct it or make a complaint, please see our Privacy Policy or contact us at hello@privacy108.com.au.
Jodie Siganto
Privacy, security and training
Jodie is one of Australia’s leading privacy and security experts and the Founder of Privacy 108 Consulting.
Jodie Siganto
Privacy, security and training
Jodie is one of Australia’s leading privacy and security experts and the Founder of Privacy 108 Consulting.
Talk to us?
Looking to take your business to the next level? Speak with our experts today!
Contact us
Related articles
  • 1300 41 20 50
  • Level 3, 240 Queen St, Brisbane QLD 4000
  • Ground Floor Reception, 3 Spring St, Sydney NSW 2000
  • PO Box 3295, Yeronga QLD 4104
  • Follow us on LinkedIn
Services
Privacy Risk Management Privacy Impact Assessments AI Governance Privacy Legal Services Research and Policy
Company
About Privacy 108 Our Team Careers Insights Contact Us Privacy Policy Terms & Conditions
Subscribe to our newsletter
Subscribe
Privacy 108 Consulting Pty Ltd ABN 52 600 425 885 is an incorporated legal practice registered with the Queensland Law Society. Liability limited by a scheme approved under Professional Standards Legislation.
We respectfully acknowledge the Traditional Owners of the land we work on and pay our respects to their Elders past, present and future in maintaining the culture, country and their spiritual connection to the land.
© 2026 by Privacy 108 Consulting Pty Ltd. ABN 52 600 425 885
Website by DeeperLook
Subscribe to our Newsletter

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Privacy 108 collects your name and email to send you our newsletter. If you do not provide this information, we will be unable to send it to you. We may use third-party service providers (such as email marketing platforms) to distribute our communications. Some providers may store information overseas, including in the United States. For more information about how we handle your personal information, including how to access or correct it or make a complaint, please see our Privacy Policy or contact us at hello@privacy108.com.au. You can unsubscribe at any time using the link in our emails or by contacting hello@privacy108.com.au.