A ransomware attack on the University Clinic in Düsseldorf, Germany cost one patient their life and left hospital staff scrambling to treat others.
The patient, who required emergency medical treatment for a life threatening condition, had to be rerouted to an alternate facility in Wuppertal, approximately 21 miles away.
The transfer to another facility resulted in a 1-hour delay in receiving treatment and the patient later died.
Ransomware attacks on hospitals result in essential systems crashing, communication systems being forced offline, and patient records become inaccessible by hospital staff.
These highly disruptive attacks slow down or halt patient care initiatives and even require some patients to be transferred to other locations, as in the instance at the University Clinic in Düsseldorf, Germany on September 10, 2020.
The attack completely crippled the clinic’s system by exploiting a vulnerability in the “widely used commercial add-on software” to gain access to the network.
As the attack commenced, the hospitals systems began crashing one by one from communications to medical records.
The hospital was forced to no longer accept patients coming in for emergency-care, they postponed appointments and outpatient care, and all patients were asked not to visit the medical clinic until the attack was resolved.
It took the hospital over a week to recover from the attack and restart essential systems.
According to a report by the Associated Press, a ransom demand was found on one of the 30 encrypted servers.
When the hospital received the ransom note, they informed law enforcement who made contact with the attackers using the information on the note.
Apparently the attackers intended to hack into the Heinrich Heine University in Düsseldorf, not the hospital.
In fact, the ransom note was addressed to the University who is affiliated with the hospital.
The attackers made contact with the hackers and notified them that the hospital was effected and patient safety and care was at risk.
When the attackers discovered that the attack effected the hospital, and not the university as intended, they did not attempt to extort money and supplied the keys to the decrypt files.
Law enforcement was unable to maintain any contact with the hackers after the decryption keys were provided.
If the hackers were to be found, charges of negligent homicide would be brought against them.
This was the first known ransomware attack on a healthcare facility that resulted in a patient death but ransomware attacks cripple hospitals more and more often.
These events are tragic and inevitable and even though several ransomware gangs have publicly said they would not conduct attacks on medical facilities, we see firsthand how it can still happen.
Even if decryption keys are provided to decrypt files, recovering from this type of attack is not a quick process and is costly not only to the hospital, but to the patients and can prove to be detrimental.