A Hospital Hack Caused A Patient To Die

German police have now begun an investigation after hackers took-down the computer systems at Düsseldorf University Hospital and a woman patient died while doctors attempted to transfer her to another hospital. The female patient was suffering from a life-threatening illness and was due to have life-saving treatment, but had to be turned away on the night of 11 September by the city’s university hospital and she died after the ambulance carrying her was diverted to another hospital (20 miles) away.

Medical staff believe the woman died from the delay in treatment after hackers attacked a hospital’s computer system. 

Cologne prosecutors have now officially launched a negligent homicide case saying that the hackers could be blamed for the death. One expert said, if confirmed, it would be the first known case of a life being lost as a result of a hack.

The ransomware attack hit the hospital on the night of 9 September, scrambling data and making computer systems inoperable. Such attacks are one of the most serious threats in cybersecurity with dozens of high profile attacks so far this year. The attackers can demand large payments in crypto-currency Bitcoin in exchange for a software key that unlocks IT systems. 

Some local reports suggest the hackers did not intend to attack the hospital and in fact were trying to target a different university. Once the hackers had realised their mistake it is reported they gave the hospital the decryption key without demanding payment before disappearing.

Germany’s cyber security agency, the Federal Office for Information Security, was called in to shore up the hospital’s systems. Its chief, Arne Schönbohm, said the Citrix flaw had been known about since December 2019 and called on healthcare facilities not to delay IT security upgrades.

Ciaran Martin who stepped down as the head of Britain’s National Cyber Security Centre recently said, “If confirmed, this  tragedy would be the first case I know of, anywhere in the world, where the death of a human life can be linked in any way to a cyber-attack,” he told a Royal United Services Institute event in London.

“The bad news is that causing disruption, pain and economic harm through cyber-attack and even putting small numbers of people indirectly at risk as we’ve seen with ransomware remains too easy for my liking ... The better news is that killing large numbers of people by cyber-attack deliberately remains thankfully quite hard.... The capabilities to do it are in the hands of only a very small number of nation-states and it is currently not in the interest of any of them any more than it is to fire live rounds at their adversaries.”

Martin also said that although in his time as NCSC chief executive he never had to declare a “category one” cyber-attack, the most severe type of national incident, it did not mean they may not in the future.

BBC:       Guardian:       NY Times:    Shropshire Star

You Might Also Read: 

Easy: Hackers Take Down A Hospital:

 

« Cyber Security Should Be A Mandatory Requirement
Foreign Influence In The American Election Of 2020 Is Declining »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

QinetiQ

QinetiQ

QinetiQ is one of the world's leading defence technology and security companies. Areas of activity include air, land, sea and space systems, weapons, robotics, C4ISR and cyber security.

Uniken

Uniken

Uniken REL-ID is a safe, simple, and scalable security platform that tightly integrates your identity, authentication, and channel security.

Tessian

Tessian

Tessian (formerly CheckRecipient) is a next-generation email security platform that helps enterprises counteract human error and significantly reduce the risk of data loss.

Netmarks Indonesia (NMID)

Netmarks Indonesia (NMID)

Netmarks Indonesia is an IT solutions provider offering services related to ICT infrastructure, digital transformation and cyber security.

WWPass

WWPass

WWPass is a global cybersecurity company that provides password-less authentication and client-side encryption technology.

CSC Digital Brand Services

CSC Digital Brand Services

Our brand protection and security expertise give our customers peace of mind that no matter how fast the digital world changes, their intellectual property and digital assets will be secure.

Syber Technology

Syber Technology

Syber Technology is an IT project implementer empowering IT systems of Small to Medium Enterprises in the Middle East.

TechDemocracy

TechDemocracy

TechDemocracy are a trusted, global cyber risk assurance solutions provider whose DNA is rooted in cyber advisory, managed and implementation services.

SilverSky

SilverSky

SilverSky offers a comprehensive suite of products and services that deliver unprecedented simplicity and expertise for compliance and cybersecurity programs.

TheGreenBow

TheGreenBow

TheGreenBow is a trusted VPN software company. We help organizations and individuals become cyber-responsible. For this, we design and develop reliable and easy-to-use solutions.

ID North

ID North

ID North is a Nordic service provider offering identity security to its customers by providing world class expertise and best-in-class solutions and services.

Suffescom Solutions

Suffescom Solutions

Suffescom Solutions is a leading blockchain development company, assisting businesses in harnessing the true potential of blockchain technology.

PixelQA

PixelQA

Are you looking for a security testing company to cross-check whether your software or mobile app has a possible security threat or not?

PriorityZero

PriorityZero

PriorityZero is a European company focused on remote security assessments and consulting services that operates on a global scale.

Gathid

Gathid

Gathid is a unique and versatile identity governance platform providing organizations with the ability to model, explore, audit, and track complex access-related scenarios.

Sandfly Security

Sandfly Security

Sandfly focuses on Linux security that is high performance, high stability, high compatibility, and low risk.