by John R. Fischer, Senior Reporter | September 23, 2020
A cyberattack on Duesseldorf University Hospital may be responsible for the death of a woman who could not be treated there for a life-threatening condition (Photo courtesy of Duesseldorf University Hospital)
A woman in Germany has died in what may be the first death linked to a cyberattack on a hospital.
The unidentified woman was admitted earlier this month to Düsseldorf University Hospital with a life-threatening condition. Due to the attack, however, the hospital’s IT systems were down, staff were unable to retrieve information on patients, and the emergency department was forced to close. The woman was transported by ambulance to Wuppertal hospital 20 miles away. Doctors were not able to start treating her for an hour, and she died, reported The Associated Press.
“The IT system of the Düsseldorf University Hospital (UKD) has been disrupted since Thursday, September 10, due to a hacker attack via a security gap in standard software, which allowed attackers to penetrate the system and sabotage the network,” said the hospital in a statement. “The UKD is therefore still deregistered from emergency care and is not approached by the rescue service.”
The ransomware attack encrypted 30 servers and led to system crashes that prevented the facility from accessing data, according to the hospital. The attack was not intended for the clinic but for nearby Heinrich Heine University in Düsseldorf, with which the hospital is affiliated. A blackmail letter left on a server asked the university to contact the attackers but did not specify an amount. The perpetrators handed over a digital key to stop the attack after authorities informed them that they had shut down a hospital.
Emergency patients were transferred to other locations and operations were postponed. Consequences included a drop in the number of inpatients receiving treatment from 1000 to around 550, and in the number of operations at the hospital from between 70 and 120 per day to between 10 and a maximum of 15, according to German news outlet RTL.
The hospital said it has been aware of the security gap since December 2019 and worked with specialized service companies at the time of its discovery to fully implement recommendations provided by the manufacturer to address it. It installed a patch to update the software and commissioned two specialist companies to review it, which found no hazard. A so-called external penetration test this summer also showed no signs of vulnerability within the system.
Prosecutors have launched an investigation against the perpetrators of the attack on suspicion of negligent manslaughter due to the transfer of the woman to Wuppertal. The perpetrators were not named and are no longer able to be contacted. Should the death of the woman be connected to the transfer to Wuppertal brought on by the attack, it could be deemed a case of negligent homicide and lead to further investigations, according to RTL.
The hospital said there are no indications that the data cannot be retrieved. “The UKD and the specialist companies involved were able to make further progress in restoring the IT system,” said Professor Dr. Frank Schneider, medical director of the UKD, in a statement. “As things stand today, we expect that we will be able to resume emergency care in our ZNA within the next week.”
Ido Geffen, VP of Product at CyberMDX, told HCB News that no single security solution is enough today to prevent hackers from encrypting servers, and that multiple layers are required to make it more difficult for them to do so. He laments, however, that there is "no silver bullet" to quickly undo a hack like this once it occurs.
"Preventing an attack like this, and any cyberattack really, is largely dictated by the work done ahead of time," he said. "For this reason it is so important that healthcare delivery organizations have a robust, multilayered cybersecurity strategy in place and dedicate the resources to properly train staff properly and put the right tools in place before the incident occurs. As the cliché says, "you are only as strong as your weakest link" and so HDOs need to examine where their current cybersecurity strategies are lacking and work diligently to correct them, because there is no "do-over" button once the attack has happened."