Patient Dies In Germany After Hospital Ransomware Attack

ransomware

Real world consequence of ransomware attacks. A female patient has died as a result of a cyberattack at a German hospital

German authorities have reportedly said a cyberattack on a major hospital in Duesseldorf, resulted in the death of a female patient.

According to the Associated Press, the cyberattack caused a failure of IT systems at Duesseldorf University Clinic, and a woman who needed urgent admission died after she had to be taken to another city for treatment.

This tragic incident demonstrates the capability of online attacks by cyber criminals causing real-world destruction and in this case death.

Hospital attack

Duesseldorf University Clinic’s IT systems have been disrupted for a week after they suffered a ransomware attack.

The hospital said investigators have found that the source of the problem was a hacker attack on a weak spot in “widely used commercial add-on software,” which it didn’t identify, AP reported.

As a consequence, systems gradually crashed and the hospital wasn’t able to access data. This meant that emergency patients were taken elsewhere and operations were postponed.

It added that the woman’s death appeared to be the first resulting from a ransomware attack, even if indirectly so.

The hospital reportedly said that that “there was no concrete ransom demand.” It added that there are no indications that data is irretrievably lost and that its IT systems are being gradually restarted.

So what exactly happened at the hospital? Well according to North Rhine-Westphalia state’s justice minister, 30 servers at the hospital were hit last week and encrypted.

A ransom demand was left on one of the servers, news agency dpa reported. The note was apparently addressed to the Heinrich Heine University, to which the Duesseldorf hospital is affiliated, and not to the hospital itself.

Duesseldorf police then contacted the attackers and told the criminals that the hospital, and not the university, had been affected, endangering patients.

The criminals then withdrew the extortion attempt and provided a digital key to decrypt the data.

The criminals are no longer reachable, according to the justice minister’s report.

That could be because Cologne prosecutors have officially launched a negligent homicide case, saying the hackers could be blamed.

The patient who died had a life-threatening condition and she was supposed to be taken to the hospital last Friday night, but instead had to be sent to a hospital in Wuppertal, approximately 32km (20-mile) drive away.

This delay meant that doctors weren’t able to start treating her for an hour and she died.

Hospital attacks

Ransomware attacks against hospitals have been ongoing for a while now.

The global WannaCry ransomware attack in May 2017 disrupted operations at around 34 NHS trusts in the UK, preventing staff from accessing patient data and carrying out critical services.

In the US alone, 764 healthcare providers were hit by ransomware last year, according to data compiled by Emsisoft.

Indeed in October 2019, three hospitals in the US state of Alabama were forced to temporarily close their doors to the admission of new patients because of a ransomware attack.

And one security expert warned of the life-and death nature of these type of attacks against critical infrastructure.

“When cyberattacks impact critical systems, there can be real-world consequences,” explained Tim Erlin, VP at Tripwire. “We’re not used to thinking of cyberattacks in terms of life and death, but that was the case here. Delays in treatment, regardless of the cause, can be life-threatening.

“Ransomware doesn’t just suddenly appear on systems. It has to get there through exploited vulnerabilities, phishing, or other means,” said Erlin. “While we tend to focus on the ransomware itself, the best way to avoid becoming a victim is to prevent the infection in the first place. And the best way to prevent ransomware infections is to address the infection vectors by patching vulnerabilities, ensuring systems are configured securely, and preventing phishing.”