Healthcare Ransomware

The Deadly Consequences of Ransomware Attacks on Healthcare

Ransomware Attack Causes Patient to Die After Rerouting Her to Remote Hospital.

Treatment for Life-Threatening Condition Delayed by 1 Hour Due to Outage

A hospital in Duesseldorf, Germany, suffered a ransomware attack on Thursday when a woman needing emergency treatment was rerouted to a more distant healthcare facility.

The attackers remain unknown, and German authorities are investigating on suspicion of negligent manslaughter, according to the Associated Press and German news outlet NTV on Thursday. The incident under investigation happened last Friday, when the unidentified woman was turned away from Duesseldorf University Hospital because a ransomware attack had crippled its ability to function normally. The woman was transported to the next closest hospital, approximately 20 miles away, which delayed her treatment by about 1 hour. Ultimately, she died.

According to a report by the North Rhine-Westphalia state justice minister, the ransomware attack encrypted around 30 hospital services approximately 24 hours before this patient’s death and left a message instructing the hospital-affiliated Heinrich Heine University to contact the perpetrators.

Duesseldorf police told the attackers that they had hit a hospital treating emergency patients, not the university, which led the attackers to withdraw their extortion demand and provide a decryption key for unlocking the affected servers. The report added that the attackers were no longer reachable.

Hospital representatives said on Twitter that the ransomware infection happened when attackers exploited a vulnerability in a “widely used commercial add-on software,” which the tweet did not identify. As noted by ZDNet, hospital administrators also stated that they had notified the appropriate German law enforcement agencies of the ransomware attack. Just hours earlier, the BSI, the German agency dedicated to issuing cybersecurity warnings, tweeted a link to an advisory from January. That advisory warned that attackers were actively exploiting CVE-2019-19781, a serious vulnerability in the Citrix application delivery controller, which customers use to load-balance inbound application traffic.

Asked by email whether the vulnerability was used to attack the Duesseldorf hospital’s servers, Citrix didn’t immediately respond. Federal prosecutors said on Wednesday that the same vulnerability was one of several reportedly used by hackers associated with the Chinese government to breach game and software makers.

Unfortunately, last week’s ransomware infection isn’t the first ransomware attack to paralyze hospitals, and it won’t be the last. Last year, for example, 10 hospitals (seven in Australia and three in Alabama) were hit by ransomware attacks that hampered their ability to accept new patients. All three Alabama hospitals reportedly paid the ransom to obtain the decryption key needed to restore their systems.