According to the Associated Press, a female patient in Germany has just died as a result of a ransomware attack. The heartbreaking incident took place at the University Hospital Duesseldorf (Germany), when the hospital’s information technology system was interrupted by hacker attacks.
Specifically, through the undetected vulnerability of a software used in the hospital, hackers got into the system and encrypted all patient data with a ransomware ( Ransomware).
A series of emergencies had to be diverted to other hospitals when Duesseldorf University hospital was unable to accept patients due to systemic failure.
As a result, Duesseldorf University hospital was unable to receive patient treatment because doctors could not access patient data. A series of operations for treatment and surgery were postponed, while emergencies were forced to transfer to other hospitals. This led to a female patient, after being transferred to another hospital 30km away, died of a late emergency.
Died because the hospital was mistakenly attacked by hackers
According to a report from the German RTL, the network of Heinrich Heine University located nearby was actually the target of hackers’ attacks. However, for some reason, these hackers hacked the system of Duesseldorf University hospital.
Specifically, all data on 30 servers of the University Hospital Duesseldorf were encrypted. Like other ransomware attacks, the hacker also leaves a ransom note on one of the servers, asking the victim to send a ransom if he wants to recover the data. However, this message clearly stated that the ‘name’ of the victim was Heinrich Heine University – showing the hackers’ confusion when performing the attack.
After being attacked with ransomware, victims are forced to transfer a cryptocurrency like Bitcoin to hackers if they want to recover the data, or accept permanent data loss.
Notably, the ransom attack stopped after the authorities informed hackers that they accidentally shut down the hospital’s network. The hacker then provided a digital key to decrypt the data. According to representatives of the University Hospital Duesseldorf, the patient’s data was then restored to normal. However, the Duesseldorf city police were unable to track the hackers.
According to The Verger, this could be the first death directly related to a cyberattack on a hospital. Currently, the German authorities are still investigating the death of this woman. If the hospital transfer is found to be the cause of the patient’s death, the police can treat the cyber attack as a murder.
Hospitals are unprepared for cyber attacks
Medical facilities have long been one of the biggest targets of cyber attacks. Over the years, cybersecurity experts have warned many times that most hospitals are not well prepared to respond to such attacks.
Meanwhile, hospitals themselves rely heavily on devices such as x-ray equipment, which are often connected to the internet. Without these devices, they cannot treat the patient.
“If the systems go down, by hackers or inadvertently, this could have a serious impact on patient care,” Beau Woods, a cybersecurity expert told The Verge last year.
Internet-connected medical devices can be ‘good prey’ for hackers, leaving the lives of patients at risk.
Worth mentioning, even attacks that target patient data and do not directly impact medical devices, can affect the patient’s health. One study found that the death rate in hospital due to a heart attack has increased year by year since the time patient data stored in the system was attacked. The reason is that hospitals have to redirect resources in response to a cyberattack, or have to carry out software upgrades that are invisible to the doctors’ treatment of patients.
In fact, a number of major cyber attacks, such as the 2017 WannaCry ransomware attack, have paralyzed the networks of major hospitals. Remember at that time, the WannaCry malware crashed the NHS (National Health Service) system of the UK, affecting thousands of patients in this country.
Although there have been no deaths directly related to this attack, most experts warned it was only a matter of sooner or later.
Refer to The Verge