BERLIN: A woman in need of urgent care died after a Dusseldorf hospital’s computer systems were hacked, preventing the patient from receiving the treatment she needed, and marking a rare case in which ransomware has led to death.
The ransomware attack that exploited a vulnerability in a “widely used commercial add-on software” caused Duesseldorf University Clinic’s IT systems to crash, the hospital said. As a result, the medical facility wasn’t able to access data, and emergency patients were rerouted to other hospitals. The hack also forced the hospital to postpone operations.
Tragically, one death has been attributed to the cyber attack, after a woman in need of emergency care had to be rushed to another city for treatment. The patient was transported 32 kilometers (20 miles) to a hospital in Wuppertal, with doctors saying that the delay was fatal. A homicide investigation has been opened in connection with the incident and the hospital says it will take time before it can resume normal operations.
The hackers were able to encrypt 30 servers at the hospital, essentially holding the facility’s data hostage. According to the Dusseldorf hospital, the ransomware – which is usually used to extort money – came with “no concrete demand,” but instead provided instructions on how to contact the hackers. The note was left at Heinrich Heine University, which is affiliated with the hospital.
German investigators contacted the hackers and explained that they had targeted the hospital, and not the university, endangering the lives of patients. The perpetrators then provided a digital key to decrypt the data. The hackers then broke off communication and law enforcement haven’t been able to track them down.
The hospital said that its systems were being gradually restored and that it doesn’t believe that any of the affected data will be irretrievably lost.