A Hospital Hack Caused A Patient To Die

Uploaded on 2020-09-21 in GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Health & Welfare, TECHNOLOGY--Hackers

German police have now begun an investigation after hackers took-down the computer systems at Düsseldorf University Hospital and a woman patient died while doctors attempted to transfer her to another hospital. The female patient was suffering from a life-threatening illness and was due to have life-saving treatment, but had to be turned away on the night of 11 September by the city’s university hospital and she died after the ambulance carrying her was diverted to another hospital (20 miles) away.

Medical staff believe the woman died from the delay in treatment after hackers attacked a hospital’s computer system. 

Cologne prosecutors have now officially launched a negligent homicide case saying that the hackers could be blamed for the death. One expert said, if confirmed, it would be the first known case of a life being lost as a result of a hack.

The ransomware attack hit the hospital on the night of 9 September, scrambling data and making computer systems inoperable. Such attacks are one of the most serious threats in cybersecurity with dozens of high profile attacks so far this year. The attackers can demand large payments in crypto-currency Bitcoin in exchange for a software key that unlocks IT systems. 

Some local reports suggest the hackers did not intend to attack the hospital and in fact were trying to target a different university. Once the hackers had realised their mistake it is reported they gave the hospital the decryption key without demanding payment before disappearing.

Germany’s cyber security agency, the Federal Office for Information Security, was called in to shore up the hospital’s systems. Its chief, Arne Schönbohm, said the Citrix flaw had been known about since December 2019 and called on healthcare facilities not to delay IT security upgrades.

Ciaran Martin who stepped down as the head of Britain’s National Cyber Security Centre recently said, “If confirmed, this  tragedy would be the first case I know of, anywhere in the world, where the death of a human life can be linked in any way to a cyber-attack,” he told a Royal United Services Institute event in London.

“The bad news is that causing disruption, pain and economic harm through cyber-attack and even putting small numbers of people indirectly at risk as we’ve seen with ransomware remains too easy for my liking ... The better news is that killing large numbers of people by cyber-attack deliberately remains thankfully quite hard.... The capabilities to do it are in the hands of only a very small number of nation-states and it is currently not in the interest of any of them any more than it is to fire live rounds at their adversaries.”

Martin also said that although in his time as NCSC chief executive he never had to declare a “category one” cyber-attack, the most severe type of national incident, it did not mean they may not in the future.

BBC:       Guardian:       NY Times:    Shropshire Star

You Might Also Read: 

Easy: Hackers Take Down A Hospital:

 

« Cyber Security Should Be A Mandatory Requirement
Foreign Influence In The American Election Of 2020 Is Declining »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Lantronix

Lantronix

Lantronix is a global provider of secure data access and management solutions for Internet of Things (IoT) and information technology assets.

Information Commissioner's Office (ICO)

Information Commissioner's Office (ICO)

The Information Commissioner's Office is an independent authority set up to uphold information rights in the public interest.

Cyber Security Centre - University of Hertfordshire

Cyber Security Centre - University of Hertfordshire

The Cyber Security Centre provides training, teaching and research in the fast paced topics of cyber security and digital forensics.

TechInsurance

TechInsurance

TechInsurance is America's top technology insurance company offering a range of technology related products including Cyber Liability insurance.

OASIS Open

OASIS Open

OASIS Open is where individuals, organizations, and governments come together to solve some of the world’s biggest technical challenges through the development of open code and open standards.

Datacom Systems

Datacom Systems

Datacom Systems is a leading manufacturer of network visibility solutions.

NuData Security

NuData Security

NuData Security, A Mastercard Company, is an award winning behavioral biometrics company.

Chainalysis

Chainalysis

Chainalysis provides blockchain analysis software to prevent, detect and investigate cryptocurrency money laundering, fraud and compliance violations.

Gulf Computer Services Co (GCSC)

Gulf Computer Services Co (GCSC)

Gulf Computer Services is a major player in the field of networking & Communication solutions for emerging industries such as Internet Services and Information Technology in Saudi Arabia.

Telecommunications & Digital Government Regulatory Authority (TDRA) - UAE

Telecommunications & Digital Government Regulatory Authority (TDRA) - UAE

TDRA focuses on regulating the telecommunications sector and enabling government entities in the field of smart transformation. It is responsible for the overall digital infrastructure in the UAE.

US Cyber Range

US Cyber Range

US Cyber Range is a scalable, cloud-hosted infrastructure providing students with virtual environments for realistic, hands-on cybersecurity labs and exercises.

Cyber Griffin

Cyber Griffin

Founded by the City of London Police in 2017, Cyber Griffin is an initiative that supports businesses and individuals in the Square Mile to protect themselves from cyber crime.

Lucata

Lucata

Lucata solutions support groundbreaking graph analytics and improved machine learning for organizations in financial services, cybersecurity, healthcare, pharmaceuticals, telecommunications and more.

CyberMontana

CyberMontana

CyberMontana is a statewide initiative providing cybersecurity awareness, training, and workforce development for businesses and residents of Montana.

Future Crime Research Foundation (FCRF)

Future Crime Research Foundation (FCRF)

FCRF is a Non-Profit NGO specializing in Research in Cyber Security, Digital Crime, Fraud Risk Management, Cyber Laws and Cyber Forensics.

Blaze Networks

Blaze Networks

Blaze are a security-focused Managed Services Provider delivering communications and IT services to businesses across the UK.