ARTICLE
22 August 2018

Hacker Fails To Establish "Necessity" Of DDOS Attack On Hospital

FH
Foley Hoag LLP

Contributor

Foley Hoag provides innovative, strategic legal services to public, private and government clients. We have premier capabilities in the life sciences, healthcare, technology, energy, professional services and private funds fields, and in cross-border disputes. The diverse experiences of our lawyers contribute to the exceptional senior-level service we deliver to clients.
In a recent decision from the District of Massachusetts, the alleged perpetrator of cyber-attacks against Wayside Youth and Family Support Network and Boston Children's Hospital ("BCH") ...
United States Technology

In a recent decision from the District of Massachusetts, the alleged perpetrator of cyber-attacks against Wayside Youth and Family Support Network and Boston Children's Hospital ("BCH") failed in his attempt to assert a novel defense: necessity. In what most would view as a positive development, the court found that the defendant and alleged hacker did not "offer[] competent evidence that it was objectively reasonable to anticipate a causal relationship between the alleged cyber attack and the purported harm to be averted."

On April 19, 2014, the defendant and his alleged conspirators purportedly initiated a DDOS attack against BCH's Massachusetts server for at least seven days, taking BCH's website out of service. The attacks disrupted the entire BCH community by impeding the ability of physicians to communicate and access patient records. The cyber attack also occurred during a period of important fundraising which was severely impacted. Responding to and mitigating the damage from the attack purportedly cost BCH more than $300,000 in addition to lost fundraising estimated at $300,000.

In the face of serious criminal charges, this defendant argued that it was reasonable to anticipate a direct, causal relationship between his cyberattack and the harm he sought to avert — in particular, he proffer (unconvincing) evidence that the cyber attack largely achieved the intended effect of raising awareness of the story of what he viewed as the inappropriate treatment of a particular BCH patient.

With great seriousness, the court rejected this defense and concluded that "Defendant ... fail[ed] to elucidate that there were no legal alternatives to the alleged cyber attack."

To view Foley Hoag's Security, Privacy and The Law Blog please click here

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More