In the Cyber Age, legislative and regulatory bodies must play a perpetual game of catch-up, chasing dexterous bad actors whose evolving tactics and capabilities outpace the legal response. Victims are often left stranded in extremely vulnerable positions, seemingly without recourse. A strong and willing plaintiffs’ bar may be the victims’ best, or only, option for recovery. And the lawyers’ best tool is often one that already exists—common law negligence.

On Sept. 17, hackers paralyzed a German hospital with a ransomware attack, requiring the transfer of critically ill patients to another nearby hospital. Tragically, and avoidably, one patient died en route. Her death was a direct and foreseeable consequence of the cyberattack, but also of the hospital’s failure to safeguard its systems. German cybersecurity authorities determined that the hackers exploited a vulnerability in the hospital’s VPN software, which allowed the ransomware to enter the network.