German Hospital Differs in Ransomware Response from American Counterpart

Published: February 25, 2016

German authorities believe a local hospital was the victim of a ransomware attack similar to the one experienced by a Hollywood hospital on Feb. 17.

Hospital officials and German authorities have not followed in the footsteps of their American counterparts, however, when it comes to responding to the attack.

The IT department at Lukas Hospital in Neuss, Germany, realized the hospital had caught some sort of malware on Feb. 10 and “pulled the plug on everything,” according to hospital spokesman Dr. Andreas Kremer. German authorities believe the quick actions may have prevented extensive damage to the hospital’s network and the machines affiliated with it.

Now when someone tries to access the hospital’s network an error message pops up urging the user to contact an anonymous email address to “stop the ransomware,” according to Presumably the hacker intended to demand money through the email address to restore the system.

——Article Continues Below——

Get the latest industry news and research delivered directly to your inbox.

The situation is eerily similar to the American ransomware attack that eventually ended when Hollywood Presbyterian Medical Center paid an anonymous hacker $16,664 (or 40 bitcoins) to restore its computer network on Feb. 17. The hacker had initially demanded $3.6 million to erase the virus in that case.

Rather than interact with the hacker, however, Lukas Hospital has decided not to engage in a negotiation at all. Hospital officials and the authorities assisting them (Germany’s State Criminal Investigation Office) have been working to restore the system over the last two weeks and have not contacted the email address.

RELATED: Cybersecurity Report Finds “Healthcare Industry in Turmoil”

Since the hack, staff members have communicated through the phone, fax machines and handwritten notes because the email system still isn’t up and running. Kremer said approximately 85 percent of the hospital’s operations have continued as normal.

The hospital’s security experts have developed a software to cleanse the infected network and scan the servers and devices for additional viruses. Some data was backed up and can be easily restored. Kremer estimates the hospital’s system will be running normally again by the early summer at the earliest.

The German and American responses to similar cases of ransomware offer an interesting contrast as cyber security officials around the world ponder the best way to deal with the growing trend.

Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series