US hospital sues Bank of America for failing to stop loss in $1m cyber attack

A US hospital is suing Bank of America for alleged failings in relation to a cyber attack that led to losses of more than $1m

A US hospital is suing Bank of America for alleged failings in relation to a cyber attack that led to losses of more than $1m.

In 2013, Chelan County Hospital lost about $1m when cyber criminals put unauthorised payments into its payroll system, according to website

Hackers accessed the hospital’s payroll to get Bank of America to transfer the funds to them. According to papers filed at the US district court in Washington's eastern district, about $400,000 was lost on one day and then the next day, when a suspicious payment for about $600,000 was noticed, the hospital contacted the bank.

Despite the hospital confirming that the payment was unapproved, the bank still processed it, the hospital's court filing claims.

The bank managed to recover about $400,000 but the hospital, claiming breach of contract, is seeking to recover its full losses from the bank.

This raises questions about responsibility for losses resulting from cyber hacks.

Bank of America denies most of the allegations, including that it ignored the hospital’s warning not to process the payment.

Read more on cyber crime

The bank’s reputation as a safe place to put money is at stake.         

UK banks are so worried about the reputational damage of successful attacks on them that they are under-reporting cyber fraud. A parliamentary committee was told recently that this is because they don’t want to scare customers.

A University of Cambridge researcher told a Treasury select committee that the amount of money being taken from people's accounts through cyber crime is double the figure reported.

Speaking at a meeting about the treatment of customers by financial firms, Dr Richard Clayton, a senior researcher in security economics at the University of Cambridge, said: “Insiders tell me the going rate is about twice the amount of money [reported by banks] goes walkies out of people’s accounts.” 

Banks keep this secret because a lot of the money is recovered, he added.

Read more on IT for financial services

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.