Ransomware Hit German Hospital Lead To death of Patient

Ransomware Hit  German Hospital Lead To  death of Patient


An investigation is currently ongoing to find out who is behind the ransomware attack that hit the german hospital and possibly ended in the death of a patient.



This is being described negligent manslaughter by authorises, the ransomware attack happened last Friday while an unidentified patient had to be turned away from the Dusseldorf university hospital as they were dealing with the cyber attack which ended delaying treatment creating a life-threatening situation.



The patient had to be transported to a different hospital about 20 miles away and ended up dying.



According to reports, the attacks began about 24hr prior to her death and it has encrypted about 30 hospital servers. Messages left on the serves were odd as they instructed the Heineken university to contact attackers for ransom directions. 


Attacker Daniel Targeting Hospitals With Ransomware


Since the ransomware was actively hitting hospital that was treating emergency patients Dusseldorf police got in contact with the attacker and the attacker ended up sending a decrypting key without the hospital paying the ransom so it sounded like that was not their actual target.



Tweets from the hospital as well as german cybersecurity agency lead us to believe that the attack targeted a specific vulnerability in Citrix application delivery controller which had an advisory back in January as well as a CVE-2019-19781 from 2019. This is the same vulnerability that was used recently by attackers to targets games and software makers.



This investigation cloud marks the first known case of a human death which was indirectly caused by ransomware that may or may not has been targeting a hospital. It may be possible that the hospital was not indeed the targets and was just swept up in a targeting campaign against the university mentioned in the ransomware note.

Previous Post Next Post