Hacker holding skull and crossbones sign outside hospital

Ongoing ransomware attack investigation could bring murder charges to the hackers responsible

Share on facebook
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email

German authorities are currently investigating the death of a female patient in a hospital in Dusseldorf following a ransomware attack.

Due to a ransomware attack that infected more than 30 internal servers on its network, Dusseldorf University Hospital was unable to receive the patient. The woman, only described as in desperate need of urgent medical care, had to be re-routed to a different hospital over 30km away, in the town of Wuppertal, where she then died.

This incident marks the first reported death indirectly caused by a ransomware attack.

If the German authorities find that she died as a direct consequence of not being able to be treated in Dusseldorf Hospital where she was originally planned to be taken, this investigation will be turned into a murder case, German police announced.

However, the attack on the Hospital appears to have been a mistake altogether, with the ransom note being addressed to the University and not the Hospital. An unfortunate error leading to the tragic and needless loss of life.

German police reached out to the hackers and told them that the Hospital, not the University had been affected, and that patients lives were in danger, to which they promptly provided a digital key to decrypt their data.

So, how did the attack begin in the first place?

Hospital officials blamed the ransomware infection on a “vulnerability in a widely used commercial software.”

This then allowed the hackers access to over 30 different servers within the hospital network, which the criminals encrypted, leaving the hospital with no access to them, putting many lives at risk.

Unfortunately, attacks such as these on Hospitals and other healthcare organisations are becoming more and more common. Several hospitals have been hit by ransomware attacks during the COVID-19 pandemic, causing massive disruptions.

Back in May 2017, 34 different trusts of the UK’s NHS had their operations disrupted by the now famous Wannacry ransomware attack, preventing staff from accessing critical patient files and data and carrying out essential services. An attack that caused the NHS over £92 million and caused havoc throughout the organisation.

In the US, 764 hospitals and other healthcare providers were hit with ransomware attacks during 2019, and the estimated $2 billion cost means hackers are seriously incentivised to make these attacks more effective.

One security expert warned of the dangers of these attacks against critical infrastructure.

“When cyberattacks impact critical systems, there can be real-world consequences. We’re not used to thinking of cyberattacks in terms of life and death, but that was the case here. Delays in treatment, regardless of the cause, can be life-threatening.”

Tim Erlin – Vice President, Tripwire

“Ransomware doesn’t just suddenly appear on systems. It has to get there through exploited vulnerabilities, phishing, or other means,”

“While we tend to focus on the ransomware itself, the best way to avoid becoming a victim is to prevent the infection in the first place. And the best way to prevent ransomware infections is to address the infection vectors by patching vulnerabilities, ensuring systems are configured securely, and preventing phishing.”

Speaking for the first time since leaving as chief executive of the NCSC Ciaran Martin said ransomware was a “huge problem right now”.

“It (ransomware) is the most likely way someone is going to suffer serious disadvantage, get hurt, or even get killed – which may sadly have just happened for the first time,”.

Ciaran Martin – Former Chief Executive, NCSC

The bad news is that causing disruption, pain and economic harm through cyber attack and even putting small numbers of people indirectly at risk as we’ve seen with ransomware remains too easy for my liking.

“The better news is that killing large numbers of people by cyber attack deliberately remains thankfully quite hard. The capabilities to do it are in the hands of only a very small number of nation-states and it is currently not in the interest of any of them any more than it is to fire live rounds at their adversaries.”

Software vulnerabilities and phishing attacks are the most common attack vectors used during ransomware attacks. Not knowing how to spot a phishing attack could have life-threatening consequences for many organisations.

Could everyone in your organisation spot the tell-tale signs of a very dangerous attack such as this?

Find out in our Free Click-Prone® Test today.