The target: Düsseldorf University Hospital, a German teaching hospital
The take: A critically ill patient died as a result of the cyberattack on the hospital’s systems
The attack vector: A ransomware attack was carried out on the hospital’s systems, exploiting a vulnerability in their VPN. However – as the encryption attack caused the hospital’s computer system to become disconnected from the ambulance network, a critically ill patient had to be redirected to a remote hospital, and died after her admission to hospital was delayed by over an hour.
While hospitals are regular targets of ransomware attacks, this is the first known case where such an attack has cost a patient’s life, and is a stark reminder of the potential stakes. This attack was made possible by a security vulnerability in an off-the-shelf software product, which, for IT professionals, again, underlines the critical importance of maintaining patching procedures and ensuring that applications and appliances are maintained.