Critically Ill Patient Dies After Hackers Disable Hospital Computers
The death of a critically ill patient in Germany following a cyber attack could be the first known case of a life being lost as a result of hacking.
The female patient was due to have lifesaving treatment at Düsseldorf University Hospital on September 11, but a ransomware attack the day before had scrambled data and made computer systems inoperable.
As a result of the hack, doctors could not admit the patient and had to transfer her to another hospital 30km (19 miles) away. The journey prevented the woman from getting the lifesaving treatment she so desperately needed, and she passed away in a hospital in Wuppertal.
Prosecutors in Cologne have officially launched a negligent homicide case saying the hackers could be blamed. Detectives are collaborating with cyber-security experts to determine whether there is a link between the hack and the patient’s death.
Ciaran Martin, former chief executive of the UK’s National Cyber Security Centre, said that if the hackers are found to be responsible it would mark the ‘first death directly caused by a cyber-attack’.
The hospital is also likely to be investigated.
Arne Schönbohm, president of Germany’s national cyber-security authority, said officials came on site to help the hospital’s IT staff rebuild systems.
He warned other organisations to better protect themselves as hackers took advantage of a well-known vulnerability in a piece of VPN (virtual private network) software developed by Citrix, BBC News reports.
In a statement, Schönbohm commented:
We warned of the vulnerability as early as January and pointed out the consequences of its exploitation. Attackers gain access to the internal networks and systems and can still paralyse them months later.
I can only stress that such warnings should not be ignored or postponed, but need appropriate measures immediately. The incident shows once again how seriously this risk must be taken.
Martin said it is ‘not surprising’ that the cause of the issues was a ransomware attack by criminals ‘rather than an attack by a nation state of terrorists’.
Although the purpose of ransomware is to make money, it stops systems working. So if you attack a hospital, then things like this are likely to happen. There were a few near misses across Europe earlier in the year and this looks, sadly, like the worst might have come to pass.
Local reports cited by the BBC suggest the hackers did not intend to attack the hospital and were instead trying to target a different university.
In a digital note sent during the attack, the hackers demand payment from Heinrich Heine University, an affiliated but different location to the hospital. Once they realised their mistake, they reportedly gave the hospital the decryption key without demanding payment, then disappeared.
If you have a story you want to tell, send it to UNILAD via [email protected]