A ransomware attack has caused the death of patient. This is the first time that anyone has lost their life due to a cyber attack. University Hospital Düsseldorf (UKD) in Germany suffered the cyber attack on September 10th. The attacker’s exploited a vulnerability in a Citrix VPN, Citrix ADC CVE-2019-19781 vulnerability. The attack caused the IT systems in the hospital to be disrupted forcing the hospital to re-route all planned and outpatient treatments to more distant hospitals.
A patient in a life-threatening condition was forced to be treated at a more distant hospital. This caused the patient to receive care an hour later which may have led to her death. The ransom note left on the hospital’s servers were addressed to Heinrich Heine University, and not the actual hospital. The attackers did not intend to attack the hospital. Authorities contacted the attackers and explained to them that the attack was putting patients at risk. The attackers withdrew the ransom and provided a decryption key.
German prosecutors still launched an investigation against the attackers on suspicion of negligent manslaughter due to the patient having to be transported to another hospital 20 miles away. This resulted in the doctors not being able to treat the patient for an hour resulting in her death.
https://www.bleepingcomputer.com/news/security/ransomware-attack-at-german-hospital-leads-to-death-of-patient/
Leave a Reply
You must be logged in to post a comment.