A ransomware attack on a hospital in Germany may have inadvertently led to the death of a patient in what could be the first case of its kind.
Computer systems at Dusseldorf University Hospital suffered such severe disruption in the attack last week that it was unable to accept emergency patients or perform operations. The female patient who died had required urgent treatment, but she was redirected to another medical facility about 18 miles away as the hospital was unable to admit such cases.
In a tweet posted on Thursday, September 17, officials at the medical facility said hackers targeted a vulnerability in widely used commercial software, though didn’t name it.
Thirty servers at Dusseldorf University Hospital were encrypted by the hackers, according to German news outlet RTL.
But it appears the perpetrators may have mixed up their target, as a ransom note found on one of the hospital’s servers was addressed to nearby Heinrich Heine University, with which the hospital has connections.
When investigators discovered the note, they reached out to the hackers to tell them their actions were endangering the lives of patients. The hackers responded by providing the decryption key, but it was too late for the woman who had been unable to receive emergency treatment at the earliest possible opportunity.
The incident is still under investigation, but if a clear link is made between the cyberattack and the woman’s death, manslaughter charges could be brought against anyone charged in connection with the crime.
Ransomware, which can be delivered to a computer system in a number of ways, encrypts files to prevent access, with hackers demanding payment in exchange for a decryption key.
From tech companies and financial businesses to shipping firms and, indeed, hospitals and universities, ransomware attacks are on the increase as hackers look for quick ways to obtain money from their victims. With proper back-ups, many of those who fall prey to ransomware attacks can restore their systems, though it can be a troublesome process. But without proper measures in place, victims are left with the awful choice of losing their data, or handing over a big chunk of cash to regain access.