Update Nov. 12, 2020: After ongoing investigation, police have dropped the claim that the ransomware attack on Düsseldorf University Hospital was responsible for a patient’s death.
Police cite the patient’s medical condition as the sole cause of death, stating that the delay in treatment due to the ransomware attack was not linked to the patient’s demise. The original charges of negligent manslaughter have been dropped, but German law enforcement is still investigating the case.
Nevertheless, this case must serve as a warning to the healthcare industry that it is only a matter of time before a disruption in patient care has deadly consequences.
A patient has died following a ransomware attack on a German hospital. The death is potentially the first fatality linked to a cyber attack on a hospital. Prosecutors are investigating a ransomware attack on Düsseldorf University Hospital to determine the patient’s cause of death.
The hospital experienced a ransomware attack on September 10, which infected over 30 servers and hindered its ability to receive emergency patients. Initial reports claim the cyber attack may have been aimed at neighboring Düsseldorf University, and the hospital’s systems were accidentally encrypted during the ransomware attack.
Police may consider the ransomware attack a negligent manslaughter case if the hospital downtime and the resulting re-routing to another healthcare facility are determined to be responsible for the patient’s death.
The patient who died has been identified as a woman in need of urgent medical care. She died when her treatment was delayed for an hour after being transported to a hospital about 20 miles away from the Düsseldorf hospital.
This instance is a tragic example of the potentially life-threatening implications of ransomware attacks. The ransomware attack was not intended for the hospital, according to the German news outlet RTL, and the attackers stopped the attack after authorities informed them they had affected a hospital.
However, hospitals are increasingly frequent targets of ransomware attacks. Due to their heavy reliance on internet-connected devices and technology for critical patient care, any disruption can have devastating repercussions on patients.
If ransomware encrypts files and PII (Personally Identifiable Information) of a healthcare facility, medical staff are unable to carry out critical procedures and attend to patients in a timely and life-saving manner.
Implementing and maintaining strong healthcare security infrastructure is crucial to protecting patients.
At Proven Data, we are committed to helping healthcare facilities proactively protect themselves and their patients from cyber attacks.
Our commitment to healthcare cyber security ranges from offering free ransomware recovery services for hospitals during our COVID-19 relief initiative to continually providing insight into the growing ransomware risks hospitals are facing.
There are several common ways ransomware attacks happen and methods to prevent them. Medical facilities should follow proper healthcare cyber security practices that can defend their data in a ransomware attack.
Reporting ransomware to law enforcement is critical. In the Düsseldorf hospital case, ransomware attackers withdrew the ransom demand and provided a decryption key when contacted by the German police.