Patient Died Because of a Hospital Ransomware Attack

Patient safety is at risk because of ransomware attacks on hospitals. File encryption leads to the crash of essential systems and breakdowns in communication systems, which prevent clinicians from being able to access the patients’ health records.

Very disruptive attacks can compel hospitals to bring patients to other facilities, which lately occurred in the University Clinic based in Düsseldorf, Germany because of a ransomware attack. One patient who needed emergency medical attention to address a fatal condition was rerouted to another facility in Wuppertal, roughly 21 miles away. Because of the redirection, there was a one-hour delay in giving treatment and the patient eventually passed away. The death may have been avoided if the patient received treatment sooner.

The ransomware attack that happened on September 10, 2020 completely disabled the clinic’s systems. Investigators confirmed that the attackers got access to the network by exploiting a vulnerability present in a popular commercial add-on software. As the encryption took its course, the hospital systems started to crash making the medical records unavailable.

The medical clinic had to hold registration for emergency care, delayed doctor visits, and outpatient care. All patients were informed that visits to the medical clinic will be on hold until the attack was resolved. After a week, the hospital still has not resumed normal functions, though the hospital has begun to reactivate crucial systems.

As per the latest Associated Press statement, the attack affected 30 servers at the hospital. The attackers’ ransom demand was discovered on an encrypted server. The hospital notified the police authorities which used the information in the ransom note to contact the attackers.

It would seem that the attackers had no intention of attacking the medical clinic since the ransom note was meant for Heinrich Heine University in Düsseldorf. Law enforcement authorities told the attackers that the attack affected the hospital and put patient safety in danger.

The attackers provided the files decryption keys and did not push through with the extortion. It was not possible to contact the attackers after this. Law enforcement is still investigating the attack and there is a possibility of filing charges on the attackers for negligent homicide.

So far there are no confirmed incidents of ransomware attacks on healthcare providers that caused the death of a patient. However, when ransomware attacks disable hospital systems, patients cannot receive treatments for fatal conditions, which may lead to tragic events.

A number of ransomware groups have made public statements that they won’t perform any attack on healthcare facilities if it will affect hospital systems. Moreover, the gangs will provide the keys to decrypt files for free. Nonetheless, whether or not decryption keys are provided, it is not easy to recover from an attack. Some ransomware groups made no such statements and still attack medical facilities.