First Possible Ransomware-Related Death Reported At German Düsseldorf University Hospital
Typically, ransomware attacks that are seemingly on the increase around the globe are the cause of financial loss and lack of productivity. However, a ransomware attack on a hospital in Germany has reportedly led to the first known death indirectly attributed to such attacks.
German authorities are currently investigating a death following the ransomware attack on Düsseldorf University Hospital. Today, German media reported on the closure of the hospital’s emergency room due to the ransomware attack. As it was closed, a woman in need of emergency medical attention was turned away and subsequently succumbed to her illness. Alongside this tragic event, the hospital has not been able to effectively treat and release current patients.
Last week, 30 servers at the hospital were encrypted with a ransom note addressed to an actual university. The attackers left contact information, but no sum of money. Following the woman's death, the police reached out to the perpetrators and informed them that they had hacked into a hospital. The hackers then removed their ransom demands and handed over a key to end the ransomware attack.
At present, it is believed that the hospital was affected by accident, however, that does not excuse the attack. Investigators have now been assigned to look into both the attack and whether the ransomware led to negligent homicide. As for current findings, it has been revealed the attack took place through a Citrix vulnerability, which may be open to exploitation worldwide. Even though the vulnerabilities may have been secured, there are still possible trigger-able exploits already on the inside of systems, so those with vulnerable devices need to audit files and permissions.
Ultimately, this is an awful incident of needless and mindless cyberattacks leading to much worse events. Furthermore, if you do not have to hear about IT security teams and IT in general, then they are doing their jobs well, not wasting funds. Overall, this ransomware death is a harsh reminder of the ramifications when cybersecurity is lacking.