A cyberattack that hit a German hospital may have led to a woman's death
- A hospital in Düsseldorf was hit by a ransomware attack on Thursday last week.
- The attack meant the hospital was unable to accept emergency patients, so a woman in need of urgent care had to be taken to a hospital 20 miles away and subsequently died.
- The state prosecutor is currently investigating the cause of death to determine whether a charge of negligent manslaughter will be brought against the hacker or hackers.
A hospital in Düsseldorf was hit by a ransomware attack on Thursday last week, and a woman died as the hospital struggled to come back online.
According to a report from the state of North Rhine-Westphalia's justice minister, the attack encrypted 30 servers at the hospital, making them inaccessible.
German news media and the Associated Press report that while the Universitätsklinikum Düsseldorf IT systems were paralyzed it was unable to accept emergency patients, meaning a woman brought in on Friday night and in need of urgent admission died after she had to be taken to a hospital in neighboring Wuppertal, 20 miles away.
A ransomware attack is a kind of cyberattack where the attackers steal an organization's data or cripple its IT systems, demanding a ransom in return for restoring the data or systems.
Per local reports, the attacker seems to have targeted the hospital by mistake. The ransom note accompanying the attack was addressed to the Heinrich Heine University, to which the hospital is attached.
The police reportedly managed to make contact with the hacker and inform them they had hit the hospital, not the university. The hacker then withdrew the attack and provided a key to decrypt the data they had stolen.
Local news site the Rheinische Post reported the state prosecutor is conducting an investigation into the cause of death to determine whether a charge of negligent manslaughter will be brought.
The hospital said in a statement on Thursday that the weakness exploited by the hacker had been in some widely-used add-on software, although it did not name the software. Germany's cybersecurity ministry also issued a statement about the attack on Thursday, saying that back in January it had warned of a vulnerability in VPN software provided by Citrix Systems.
This is not the first time a hospital has been hit by a ransomware attack — in 2017 the WannaCry ransomware virus was used to target hospitals in more than 150 countries — but it does appear to be the first reported case of a cyberattack potentially being directly responsible for a person's death.