Prosecutors are investigating a ransomware attack on Düsseldorf University Hospital to determine the patient’s cause of death.
The hospital experienced a ransomware attack on September 10 which infected over 30 servers and hindered their ability to receive emergency patients. Initial reports claim the cyber attack may have been trying to target neighboring Düsseldorf University, and the hospital was accidentally encrypted during the ransomware attack.
Police may consider the ransomware attack a negligent manslaughter case if the hospital downtime and necessitated re-routing to another healthcare facility is determined to be responsible for the patient’s death.
The patient who died has been identified as a woman in need of urgent medical care. She died when her treatment was delayed for an hour after being transported to a hospital about 20 miles away from the Düsseldorf hospital.
This instance is a tragic example of the potentially life threatening implications of ransomware attacks. The ransomware attack was not intended for the hospital, according to the German news outlet RTL and the attackers stopped the attack after authorities informed them they had affected a hospital.
However, hospitals are increasingly frequent targets of ransomware attacks. Due to their heavy reliance on internet connected devices and technology for critical patient care, any disruption can have devastating repercussions on patients.
If ransomware encrypts files and PII (Personally Identifiable Information) of a healthcare facility, medical staff are unable to carry out critical procedures and attend to patients in a timely and life saving manner.
Implementing and maintaining strong healthcare security infrastructure is crucial to protecting patients.
At Proven Data, we are committed to helping healthcare facilities proactively protect themselves and their patients from cyber attacks.
Our commitment to healthcare cyber security includes offering free ransomware recovery services for hospitals during our COVID-19 relief initiative to continually providing insight into the growing ransomware risks hospitals are facing.
There are several common ways ransomware attacks happen and methods to prevent them. Medical facilities should follow proper healthcare cyber security practices which can defend their data in a ransomware attack.
Reporting ransomware to law enforcement is critical. In the Düsseldorf hospital case, ransomware attackers withdrew the ransom demand and provided a decryption key when contacted by the German police. Law enforcement is not able to provide such direct results in every case, but all organizations should know how to report a ransomware attack as a part of their incident response plan.