Police probe lethal cyberattack on hospital
September 18, 2020Authorities in the German state of North Rhine-Westphalia launched an investigation on Thursday into suspected "negligent homicide" after a ransomware attack crippled a hospital in Düsseldorf.
A woman scheduled for life-saving treatment at the Düsseldorf University Clinic on Friday night had to be redirected to a hospital in Wuppertal roughly 60 kilometers (38 miles) away.
A ransomware cyberattack had forced emergency services to redirect nearly ambulances bound for the Düsseldorf hospital to other medical facilities.
The state Justice Ministry suggested the woman had died as a result of the delay in treatment caused by the ransomware.
Observers have suggested that her death is the first caused by a ransomware attack.
Read more: Germany debates stepping up active cyberoperations
'No concrete ransom'
German state authorities said the attack on the hospital was likely unintended. On one of the servers, a note was found requesting that the Heinrich Heine University get in contact with the perpetrators.
"There was no concrete ransom demand," according to the hospital.
About 30 servers were targeted in the attack, which exploited "widely used commercial add-on software."
Independent cybersecurity and privacy researcher Lukasz Olejnik described a "very serious indirect link" between the attack and the woman's death.
"On lethal cyberattacks, there are a lot of uncertainties," said Olejnik in an analysis published last year. "Technically killing with [a] cyber-operation is possible. It would have serious consequences. On the other hand, detection today is not certain."
Read more: Europe's cybersecurity gap threatens infrastructure, elections
ls/sms (AP, AFP)