This post was originally published on September 29, 2020.
A woman in Germany has died after a ransomware attack forced a hospital to temporarily shut down its emergency facilities.
The incident, which took place on September 10 but only recently surfaced in local media reports, occurred at Düsseldorf University Hospital.
The hospital’s internal IT systems malfunctioned as a result of the ransomware attack, forcing the facility to close its emergency rooms. As a result, incoming emergency-care patients were diverted to nearby hospitals.
The victim, a 78-year-old woman, required immediate care for an aneurysm. She died after her ambulance was forced to drive an extra 20 miles to get her medical attention in a different city.
German authorities have opened up a “negligent homicide” investigation as a result, on top of existing blackmail and computer hacking investigations. Christoph Hebbecker, a public prosecutor in Cologne specializing in cybercrime, called the inquiry “justified,” although all the facts surrounding the woman’s death aren’t completely clear just yet.
This may be the first confirmed death resulting from a cyberattack on healthcare infrastructure. https://t.co/O2mPziOgJu
— Andrew "Andy" Manoske 🔑 (@a2d2) September 17, 2020
There is evidence to suggest that the hackers didn’t mean to target the hospital. A ransom note left on the infiltrated servers instructed Heinrich Heine University to get in touch with the attackers.
The hospital is affiliated with the university, but they are separate entities. The Düsseldorf police were able to make contact with the hackers and informed them that their attack had crippled a hospital but hadn’t impacted the university. The hackers then provided a decryption key to unshackle the affected servers and withdrew their ransom demands. Since then, they’ve cut off all communication and are no longer reachable.
Hospitals’ high vulnerability
The healthcare sector has largely avoided high-profile cyberattacks, which are typically directed at the finance and insurance industries. But an April 2019 report by The Verge highlights how susceptible it is to nefarious actors. For example, hackers in Israel have developed malware capable of adding the appearance of tumors to CT and MRI scans, resulting in critical misdiagnoses.
Lots of the equipment used in labs and hospitals is connected to the internet, as it enables faster data sharing and compliance with regulatory requirements such as HIPAA. However, this also makes it vulnerable to cyberattacks designed to steal patient data or cripple emergency systems.
The 2017 WannaCry ransomware attack forced the UK’s National Health Service to run for cover, crippling tens of thousands of hospital computers and resulting in the cancellation of 20,000 appointments. The attacks targeted a vulnerability in Microsoft Windows, the core operating system used by the NHS. As a result, doctors had to resort to carrying lab results by hand in some cases.
However, the WannaCry attack didn’t result in any patient deaths. This incident in Germany might be the first recorded case of a malware attack resulting in someone’s death.
Initial reports suggest that the hospital is at least partially culpable. Patches to fix the vulnerability that the hackers targeted were available for months prior to the incident, with the IT security team either unaware or negligent.