A Hospital Hack Caused A Patient To Die

German police have now begun an investigation after hackers took-down the computer systems at Düsseldorf University Hospital and a woman patient died while doctors attempted to transfer her to another hospital. The female patient was suffering from a life-threatening illness and was due to have life-saving treatment, but had to be turned away on the night of 11 September by the city’s university hospital and she died after the ambulance carrying her was diverted to another hospital (20 miles) away.

Medical staff believe the woman died from the delay in treatment after hackers attacked a hospital’s computer system. 

Cologne prosecutors have now officially launched a negligent homicide case saying that the hackers could be blamed for the death. One expert said, if confirmed, it would be the first known case of a life being lost as a result of a hack.

The ransomware attack hit the hospital on the night of 9 September, scrambling data and making computer systems inoperable. Such attacks are one of the most serious threats in cybersecurity with dozens of high profile attacks so far this year. The attackers can demand large payments in crypto-currency Bitcoin in exchange for a software key that unlocks IT systems. 

Some local reports suggest the hackers did not intend to attack the hospital and in fact were trying to target a different university. Once the hackers had realised their mistake it is reported they gave the hospital the decryption key without demanding payment before disappearing.

Germany’s cyber security agency, the Federal Office for Information Security, was called in to shore up the hospital’s systems. Its chief, Arne Schönbohm, said the Citrix flaw had been known about since December 2019 and called on healthcare facilities not to delay IT security upgrades.

Ciaran Martin who stepped down as the head of Britain’s National Cyber Security Centre recently said, “If confirmed, this  tragedy would be the first case I know of, anywhere in the world, where the death of a human life can be linked in any way to a cyber-attack,” he told a Royal United Services Institute event in London.

“The bad news is that causing disruption, pain and economic harm through cyber-attack and even putting small numbers of people indirectly at risk as we’ve seen with ransomware remains too easy for my liking ... The better news is that killing large numbers of people by cyber-attack deliberately remains thankfully quite hard.... The capabilities to do it are in the hands of only a very small number of nation-states and it is currently not in the interest of any of them any more than it is to fire live rounds at their adversaries.”

Martin also said that although in his time as NCSC chief executive he never had to declare a “category one” cyber-attack, the most severe type of national incident, it did not mean they may not in the future.

BBC:       Guardian:       NY Times:    Shropshire Star

You Might Also Read: 

Easy: Hackers Take Down A Hospital:

 

« Cyber Security Should Be A Mandatory Requirement
Foreign Influence In The American Election Of 2020 Is Declining »

Perimeter 81

Directory of Suppliers

eBook: Practical Guide to Security in the AWS Cloud

eBook: Practical Guide to Security in the AWS Cloud

AWS Marketplace would like to present you with a digital copy of the new book, Practical Guide to Security in the AWS Cloud, by the SANS Institute.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Bonwyke

Bonwyke

Bonwyke's Window Film Signal Defence system protects against cyber surveillance from leakage of RF and IR signals from computers and mobile devices.

Lorega

Lorega

Lorega is an independent insurance claims company. We offer a range of products that are available through UK insurance brokers, including providing assistance to businesses following a cyber attack.

TrustPort

TrustPort

TrustPort provide advanced antivirus and anti-malware protection, intrusion detection systems and intelligent network monitoring and network behavior analysis.

CIO Dive

CIO Dive

CIO Dive provides news and analysis for IT executives in areas including IT strategy, cloud computing, cyber security, big data, AI, software, infrastructure, dev ops and more.

Span

Span

Span designs, develops and maintains information systems based on advanced technological solutions of global IT leaders.

Ensurity Technologies

Ensurity Technologies

Ensurity is a deep-tech cybersecurity engineering company; designs and manufactures specialized secure hardware, software, and mobile application solutions.

Lionfish Cyber Security

Lionfish Cyber Security

Lionfish Cyber Evolution & Empowerment Model™ empowers SMBs to prepare and protect themselves against cyber threats using a unique combination of on-demand training, support and managed services.

Voodoo Security

Voodoo Security

Voodoo Security is a specialized information security consulting firm focused on security assessments, risk and compliance analysis, and cloud security.