Hacked Hospital Results in Patient Death

A hospital in Germany suffered a ransomware attack that resulted in the death of one of their patients. University Hospital of Düsseldorf Germany suffered a ransomware attack on September 9th. Hackers disabled hospital computers and caused emergency patients to be transferred to other hospitals. A female patient who was scheduled to receive a lifesaving treatment, had to be transferred to a neighboring hospital 20 miles away. German authorities are treating the incident as a negligent homicide.

This is the first recorded case of a death directly resulting from a malware attack. The BBC reports they had other near death incidents of critical care patients forced to be transferred from a hospital that had been attacked, but this was the first known death.

Phishing and malware attacks have been on the rise since the start of the pandemic. Hackers attack hospitals and medical facilities looking for sensitive personal and medical data. Hospital staff are under increased stress, and are more likely to click on something they would not normally click on, opening the doors for hackers to come in.

The hackers took advantage of well-known vulnerabilities in VPN software from Citrix. The software is used by government agencies, educational institutions, hospitals, and major corporations. Citrix patched the vulnerabilities in January, but not all businesses keep up on patching and updating. Germany’s national IT security group is assisting the hospital to recover from the incident and collect forensic data. When the hackers were informed of the outcome of their attack, they dropped the ransom and provided the decryption key before disappearing.

This is a tragic overlap of the stories we have been following all summer. We have seen malware attacks increase every month. We have seen attacks on small businesses and even cities who are often too small to keep an IT specialist on staff. Many of these businesses are large enough to house a server with client data, and a network of workstations, but are not able to support the technology after the initial investment. When vulnerabilities are found and patched, the news of these vulnerabilities is reported in the IT news industry. Hackers then go looking for computer systems that have not been updated and attempt to exploit these systems and data.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright