Ransomware Attack Leads to Hospital Patient Death
A woman died after she was diverted to another facility 20 miles away when a ransomware attack shut down the university-affiliated hospital where she was being admitted.
Düsseldorf, Germany — Much of the world is still in flux and reeling from the health and economic effects of COVID-19, and cybercriminals are unfortunately taking note and attacking when we’re most vulnerable.
Hackers and other bad actors are targeting remote workers, educational institutions and healthcare facilities at a time when each are critically important to our continuity. And, according to reports, attacks on healthcare facilities are beginning to cost lives.
The Verge, citing the Associated Press and German News Outlet RTL, reported that a woman in Germany died because the Duesseldorf University Hospital was hit by a ransomware attack couldn’t accept emergency patients, so she was sent to another facility 20 miles away.
When the hackers were notified that their attack shut down a hospital rather than a university that was the original target, they stopped the attack.
According to the Associated Press, hackers were able to gain access to the system via weak spot in some unidentified commercial add-on software.
A report from North Rhine-Westphalia state’s justice minister said that 30 servers at the hospital were encrypted last week and an extortion note left on one of the servers, news agency dpa reported. The note — which called on the addressees to get in touch, but didn’t name any sum — was addressed to the Heinrich Heine University, to which the Duesseldorf hospital is affiliated, and not to the hospital itself.
Duesseldorf police then established contact and told the perpetrators that the hospital, and not the university, had been affected, endangering patients. The perpetrators then withdrew the extortion attempt and provided a digital key to decrypt the data. The perpetrators are no longer reachable, according to the justice minister’s report.
Prosecutors launched an investigation against the unknown perpetrators on suspicion of negligent manslaughter because a patient in a life-threatening condition who was supposed to be taken to the hospital last Friday night was sent instead to a hospital in Wuppertal, a roughly 32-kilometer (20-mile) drive. Doctors weren’t able to start treating her for an hour and she died.
Cyberattacks of all kinds are increasing at a rapid pace since the start of the coronavirus crisis. Cybersecurity and antivirus company Bitdefender found that pandemic-related attacks increased five-fold in the first two weeks of March. In May and June, an average of 60% of all received emails were phony.
This latest case shows that having good cyber defenses in place can literally be the difference between life and death.
The financial costs associated with data breaches and ransomware attacks are high. On average, data breaches cost $3.86 million each, according to a study conducted by IBM. The death in Germany, however, might be one of the first fatalities directly linked to a ransomware attack.
This article originally ran in CS sister publication MyTechDecisions.com. is TD’s web editor.