A US hospital is suing Bank of America for alleged failings in relation to a cyber attack that led to losses of more than $1m.
In 2013, Chelan County Hospital lost about $1m when cyber criminals put unauthorised payments into its payroll system, according to website krebsonsecurity.com.
Hackers accessed the hospital’s payroll to get Bank of America to transfer the funds to them. According to papers filed at the US district court in Washington’s eastern district, about $400,000 was lost on one day and then the next day, when a suspicious payment for about $600,000 was noticed, the hospital contacted the bank.
Despite the hospital confirming that the payment was unapproved, the bank still processed it, the hospital’s court filing claims.
The bank managed to recover about $400,000 but the hospital, claiming breach of contract, is seeking to recover its full losses from the bank.
This raises questions about responsibility for losses resulting from cyber hacks.
Bank of America denies most of the allegations, including that it ignored the hospital’s warning not to process the payment.
The bank’s reputation as a safe place to put money is at stake.
UK banks are so worried about the reputational damage of successful attacks on them that they are under-reporting cyber fraud. A parliamentary committee was told recently that this is because they don’t want to scare customers.
A University of Cambridge researcher told a Treasury select committee that the amount of money being taken from people’s accounts through cyber crime is double the figure reported.
Speaking at a meeting about the treatment of customers by financial firms, Dr Richard Clayton, a senior researcher in security economics at the University of Cambridge, said: “Insiders tell me the going rate is about twice the amount of money [reported by banks] goes walkies out of people’s accounts.”
Banks keep this secret because a lot of the money is recovered, he added.
Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
Related content from ComputerWeekly.com
RELATED CONTENT FROM THE TECHTARGET NETWORK