par John R. Fischer
, Senior Reporter | September 23, 2020
A woman in Germany has died in what may be the first death linked to a cyberattack on a hospital.
The unidentified woman was admitted earlier this month to Düsseldorf University Hospital with a life-threatening condition. Due to the attack, however, the hospital’s IT systems were down and staff were unable to retrieve information on patients, and were forced to close the emergency department. The woman was transported by ambulance to Wuppertal hospital 20 miles away. Doctors were not able to start treating her for an hour, and she died, reported The Associated Press
“The IT system of the Düsseldorf University Hospital (UKD) has been disrupted since Thursday, September 10, due to a hacker attack via a security gap in standard software, which allowed attackers to penetrate the system and sabotage the network,” said the hospital in a statement. “The UKD is therefore still deregistered from emergency care and is not approached by the rescue service.”
Special-Pricing Available on Medical Displays, Patient Monitors, Recorders, Printers, Media, Ultrasound Machines, and Cameras.This includes Top Brands such as SONY, BARCO, NDS, NEC, LG, EDAN, EIZO, ELO, FSN, PANASONIC, MITSUBISHI, OLYMPUS, & WIDE.
The ransomware attack encrypted 30 servers and led to system crashes that prevented the facility from accessing data, according to the hospital. The attack was not intended for the clinic but for nearby Heinrich Heine University in Düsseldorf, with which the hospital is affiliated. A blackmail letter left on a server asked the university to contact the attackers but did not specify a specific amount. The perpetrators handed over a digital key to stop the attack after authorities informed them that they shut down a hospital.
Emergency patients were transferred to other locations and operations were postponed. Consequences included a drop in the number of inpatients receiving treatment from 1000 to around 550 and in the number of operations at the hospital from between 70 to 120 per day to between 10 and a maximum of 15, according to German news outlet RTL
The hospital said it has been aware of the security gap since December 2019 and worked with specialized service companies at the time of its discovery to fully implement recommendations provided by the manufacturer to address it. It installed a patch to update the software and commissioned two specialist companies to review it, which found no hazard. A so-called external penetration test this summer also showed no signs of vulnerability within the system.