A ransomware attack that hit the systems of a hospital in Düsseldorf may have resulted in the death of a patient after the woman had to be transferred to another hospital in critical condition.
On September 10, the University Hospital Düsseldorf stated that there was one extensive IT outage was going on, which meant that the clinic was only accessible to a limited extent. The hospital canceled all appointments, advised patients not to come and discontinued emergency care.
On Thursday, the hospital announced that it was a cyber attack and that IT people can slowly but surely restore the systems and provide access to data. According to the university hospital, the perpetrators would not demand a ransom. According to the hospital, the attack could take place via a vulnerability in commercial software used worldwide. “Before the software company finally closed this leak, there was plenty of time to penetrate the systems.”
In the night of 11 to 12 September, a patient had to be rushed to the University Hospital Düsseldorf, but due to the ransomware attack, the ambulance had to divert to the hospital in Wuppertal. Her treatment therefore took place an hour later. According to the German NTV, the German police are investigating negligence because the woman died after she was transferred.
According to a report by the Attorney General, the ransomware encrypted thirty servers in the clinic and requested the perpetrators to contact them, without demanding another ransom. That message turned out to be addressed to the Heinrich Heine University in Düsseldorf. After the police contacted the blackmailers and made it clear to them that it was not the university but a hospital that had been affected, the perpetrators reportedly handed over the key to release the systems. After that, they wouldn’t have responded.
–