German police are treating the death of a woman at Düsseldorf University Hospital as a homicide after a ransomware attack crippled the facility.
On Sept. 9, a ransomware attack took over the hospital’s computer systems, making them inoperable, according to BBC News. A female patient scheduled for a lifesaving procedure had to be transferred to another hospital 19 miles away in Wuppertal. She died during the trip.
Ransomware attacks involve hackers taking over a computer system and encrypting all of its data. They then demand payment for the decryption key, generally in bitcoin.
The BBC cited local reports claiming the hackers actually intended to attack a university, not a hospital, and turned over the software key without payment after discovering the mistake.
Disturbingly, the report also quoted Arne Schönbohm, president of the German Federal Office for Information Security, as saying that the agency had warned the hospital as early as January about the security hole that the ransomware gang exploited.
Ciaran Martin, former CEO of the UK’s National Cyber Security Centre, called it “the first known case of a death directly linked to a cyberattack,” in a speech nine days later, according to MIT Technology Review.
Hospitals not off limits
Regardless of whether the Düsseldorf attack intentionally targeted a hospital, plenty of other cyberthieves have shown no compunction about doing so. Ransomware attacks on healthcare facilities increased by 35% between 2016 and 2019, according to digital threat management firm RiskIQ.
In a report released in April, blockchain intelligence firm Chainalysis quoted Bill Siegel, CEO of ransomware incident response firm Coveware, as saying, “[h]ealthcare providers remain a frequent target, but the stakes are much higher now,” during the COVID-19 pandemic. “More people will probably care if a big hospital is attacked and patient care is impacted, but criminals don’t seem to care.”
Other hospitals attacked by ransomware include the Champaign-Urbana Public Health District, near Chicago, which paid a $350,000 ransom in March. That same month, cyberthieves shut down Brno University Hospital, a major Czech medical center, for several days. As in Düsseldorf, ambulances had to be rerouted and patients transferred to other facilities.