Mistaken Hospital Ransomware Attack Leads to Tragic Consequences
The ultimate mistake was made in Germany recently by a group of hackers using ransomware. The mistake ended up causing the death of a woman who was seeking emergency treatment at a hospital in Dusseldorf. And the kicker is the hospital in this story wasn’t even the intended victim in this case.
Alyse Stanley wrote a story for gizmodo.com that details the attack. A woman seeking urgent care died after a bungled ransomware attack took down a major hospital in Germany. The attack disrupted the IT systems at Duesseldorf University Clinic, crippling its ability to access data and forcing it to postpone all scheduled operations and send emergency patients 20 miles away for treatment, according to several news outlets.
It appears to be the first case of someone dying as a result of a ransomware attack, albeit indirectly, and German authorities are investigating the unknown hackers on suspicion of negligent manslaughter, the Associated Press reports.
Apparently the hackers intended to extort a university, not the connected hospital. Officials said on Twitter that “there was no concrete ransom demand” of the hospital and no data was stolen.
An extortion note left on one of the 30 servers crippled in the hack further supports that theory. It’s addressed to the Heinrich Heine University, an affiliate of the clinic, according to a report from North Rhine-Westphalia state’s justice minister, per AP. The note tells the university to get in touch but doesn’t list any demands, which only brings up more questions.
One Crime Led to the Next
Local police were eventually able to get in contact with the perpetrators to tell them they were endangering the hospital’s patients. The attackers reportedly dropped the extortion attempt and provided a decryption key to unlock all hacked servers. Authorities have since lost contact with them, according to the justice minister’s report.
Prosecutors launched an investigation against the unknown perpetrators on suspicion of negligent manslaughter because a patient in a life-threatening condition who was supposed to be taken to the hospital last Friday night was sent instead to a hospital in Wuppertal, a roughly 32-kilometer (20-mile) drive. Doctors weren’t able to start treating her for an hour and she died.
As ransomware attacks have crippled cities, school districts and businesses, the death was no surprise to Brett Callow of Emsisoft, a cybersecurity firm that closely tracks ransomware.
“This was pretty much inevitable,” Callow said.
In the United States alone, 764 healthcare providers were victimized last year by ransomware, according to data compiled by Emsisoft. It was not the first time an emergency patient had to be rerouted to a different hospital in response.
While the incident appears to have been a fatal mix-up, ransomware attacks have grown steadily more frequent globally. Dozens of entertainment companies were hit in May. Other ransomware victims including the watchmaker Garmin, the foreign exchange company Travelex, and the network powering the Texas court system, just to name a few. Hackers reportedly raked in millions of dollars from these attacks, which explains why more and more bad actors are risking jail time to get a juicy cut.
read more at gizmodo.com