Cyber attack linked to death of woman at hacked German hospital

A woman has died in Germany after a cyber attack at the Düsseldorf University Clinic (DUC) caused

her to be turned away for emergency medical treatment at the hospital earlier in September.

 

The ransomware attack caused the hospital’s systems to go down and so patients were rerouted to alternative healthcare settings.

 

A police investigation was launched following the woman’s death, which occurred after she was

forced to travel for an hour to a hospital 20 miles away in Wuppertal.

 

But the attack may have been misdirected, reports have suggested. According to Infosecurity

Magazine, a ransom note was left on one of the hospital’s servers addressed to Heinrich Heine

University, with which the DUC is affiliated. After Düsseldorf police contacted the attackers and

informed them of the impact on the hospital, a digital decryption key was supplied and no money

extorted. But no further communication was then possible.

 

Experts are understood to have been drafted in by detectives in order to determine whether

there is a link between the attack and the death.

 

In a statement reported by the BBC the President of Germany’s national cyber-security authority,

Arne Schönbohm, said the hackers exploited a previously publicised VPN vulnerability:

 

“We warned of the vulnerability as early as January and pointed out the consequences of its

exploitation. Attackers gain access to the internal networks and systems and can still paralyse them

months later.

 

“I can only stress that such warnings should not be ignored or postponed, but need appropriate measures immediately. The incident shows once again how seriously this risk must be taken.”


Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place today and gain access to the entire event free of charge. With all sessions available to view live or on-demand, you can build a personalised agenda based on your key focus topics and make the event fit around your work schedule.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.