A seemingly misdirected ransomware attack on a major hospital in Dusseldorf, Germany, earlier this week resulted in widespread information technology (IT) failure and forced medical personnel to redirect emergency patients to other facilities, including one woman whose death may be the first directly linked to such a cyberattack.
German authorities revealed on Thursday that they had made contact with anonymous hackers who carried out a botched ransomware cyberattack that had unintentionally crippled the IT systems of the Dusseldorf University Clinic since the week prior, the Associated Press reported.
A total of 30 servers were encrypted the previous week, according to a recent report issued by the justice ministry of the state of North Rhine-Westphalia.
“There was no concrete ransom demand,” the hospital expressed.
The cyberattack exploited vulnerabilities present in “widely used commercial add-on software,” the Dusseldorf University Clinic said, citing investigators. Hospital personnel found themselves unable to access necessary data following the hack, forcing them to halt operations at the clinic and redirect emergency patients to a Wuppertal medical facility, some 34 kilometers (21 miles) away.
Cybersecurity experts have argued that the woman’s death could be the first ransomware-related fatality.
German broadcaster RTL detailed that authorities were able to get in contact with the hackers and informed them of the ransomware attack’s impact on the hospital. The cybercriminals then provided Dusseldorf police with a digital key to decrypt the servers.
It’s worth noting that the decryption and retrieval of data were not instantaneous, and remained ongoing at the time of AP’s Thursday report.
Independent cybersecurity and privacy researcher Lukasz Olejnik, co-author of the International Committee of the Red Cross’ 2019 report entitled “The Potential Human Cost of Cyber Operations,” warned in May 2019 that hospitals’ increased reliance on digital systems for everyday operations concurrently raises the “risk of [the hospital] falling apart following cyberattack.” He also called attention to the possible “weaponization of vulnerabilities” and emphasized the need to “refrain from implanting vulnerabilities via the creation of backdoors.”
It remains unclear what particular vulnerability was exploited at the hospital.
“Establishing causality is always [very] hard, so unclear BUT this potentially very serious indirect link.”