A patient seeking emergency treatment in Germany died during a ransomware attack on the Duesseldorf University Hospital, The incident marks the first-ever reported human death indirectly caused by a ransomware attack. It was widely reported on Thursday.
The hospital couldn’t accept emergency patients because of the attack and forced her to obtain services from a more distant health care facility around 20 miles away. German authorities are investigating the death of the patient.
The patient, recognized as a woman who needed urgent treatment, died after being re-routed to a hospital in the city of Wuppertal, more than 30 km away. Resulting in about a one-hour delay in treatment. She died.
German authorities are investigating the unknown perpetrators on mistrust of careless crime, the Associated Press, German news outlet NTV, and others reported on Thursday. However, the cyberattack was not intended for the hospital, as per the report from the German news outlet RTL.
The ransom note was addressed to Heinrich Heine University. The attackers stopped the attack after authorities told them it had shut down a hospital.
Hospitals are one of the greatest targets for cyberattacks. Cybersecurity experts have warned for years that most hospitals aren’t prepared for this. As they rely heavily on devices, like radiology equipment, that is mostly connected to the internet.
“If systems are disrupted over the internet, by an adversary or an accident, that can have a profound impact on patient care,” says Beau Woods, a cybersecurity advocate and cybersafety innovation fellow with the Atlantic Council, told The Verge.
Report from the North Rhine-Westphalia state justice minister said. That the attack hit its network and infected more than 30 internal servers and left a note instructing the Heinrich Heine University.
Die Sicherheitslücke befand sich in marktüblicher und weit verbreiteter kommerzieller Zusatzsoftware. Bisher gibt es keine Anhaltspunkte dafür, dass Daten unwiederbringlich zerstört worden sind. Für das Abfischen von konkreten Daten gibt es nach heutigem Stand keine Belege. (2/4)
— Uniklinik Düsseldorf (@UniklinikDUS) September 17, 2020
The Duesseldorf hospital was unable to receive her as it was dealing with a ransomware attack that hit its network and infected more than 30 internal servers on September 10, last week.
Duesseldorf police eventually communicated with the attackers and told them that the attack had hit a hospital treating emergency patients, not the university.
The attackers reportedly retreated the extortion demand and gave a decryption key to unlock the servers. The justice minister report said that the attackers are no longer reachable.
German authorities are still investigating this woman’s death. If the ransomware attack and the hospital downtime are found to have been directly at fault for the woman’s death, German police said it plans to turn their investigation into a murder case.