Ransomware may have led to the death of a German hospital patient

Jon Fingas, Associate Editor

Ransomware is known to have serious consequences, but one of the latest attacks might have been fatal. BBC News reports (via MIT Technology Review) that prosecutors in Cologne, Germany, have launched a negligent homicide investigation after a Düsseldorf University Hospital patient died following a ransomware incident. The attack hampered emergency services on September 9th, forcing healthcare workers to send the patient to a hospital 19 miles away for vital treatment.

Local media claim the hackers were targeting a different university and didn’t mean to compromise the hospital. They reportedly provided the ransomware decryption key for free once they realized their mistake.

Whatever the intentions, this may have been an avoidable breach. The intruders exploited a known security flaw in Citrix’s VPN software, and Germany’s cybersecurity authority said it warned of the vulnerability in January. It’s nothing new for institutions to fall short on security, but this misstep appears to have been deadly.

If the investigation establishes a connection, it could be one of the first deaths directly linked to a cyberattack, according to former UK security executive Ciaran Martin. If so, the loss might spur hospitals and other critical facilities to tighten security and prevent future tragedies.