The Cyber Attack That Killed

Abhinav Raj, Writer
@uxconnections

A German woman requiring urgent admission had to be diverted to another city for treatment after a ransomware attack caused the failure of IT systems at a major hospital

September 17 will perhaps be bookmarked as one of the grimmest pages in the journal of cybersecurity disasters; and will certainly be remembered as the day a cyberattack led to a death. 

On Thursday, cyber threats manifested their lethal potential as a German woman with underlying health conditions could not be admitted to the Düsseldorf University Hospital, as the hospital’s IT infrastructure was compromised owing to a ransomware attack.

The critically-ill woman had to be relocated to the nearest hospital in proximity, about 30 kilometres away from the Düsseldorf University Hospital. The unnamed woman died en-route to a nearby health facility situated in Wuppertal, reported the Associated Press. 

The catastrophic domino effect was prompted on September 10. 

It is revealed that the group of cyber miscreants had been targeting the nearby University for the premeditated ransomware attack. A note on a corrupted server instructed the hospital officials to maintain contact, but did not specify a ransom amount to acquire the decryption key for the restoration of systems. 

According to ABC News, the note was “addressed to the Heinrich Heine University, to which the Düsseldorf hospital is affiliated, and not to the hospital itself.” 

Current findings suggest the attack exploited a known Citrix vulnerability utilised as an entry point for multiple ransomware attacks. The Federal Office for Information Security (BSI) issued an advisory requiring firms to patch their Citrix network gateway for the CVE-2019-19871 vulnerability, a day before the attack took place.

(Image: Pixabay)

About 30 of the clinic’s servers were frozen and rendered obsolete. Operations and surgical procedures were postponed and patients compelled to move to different facilities. 

German prosecutors are looking to charge the individuals responsible with negligent manslaughter. 

The pages of the era of technology are unfolding; and the dark chapter of the attack on Düsseldorf University Hospital is one that should serve as a reminder: threats are evolving, and we are unprepared. 

The cyberattack on Düsseldorf University Hospital hasn’t been the first, and I daresay, it will not be the last. 

The International Criminal Police Organization (INTERPOL) reported a significant rise in the trend of cyberattacks against medical facilities, having received six alerts utilising four different types of ransomware back in April 2020. 

Coronavirus response infrastructures and healthcare IT facilities inevitably became soft targets amid the outbreak. 

“If these facilities were to be infected by ransomware, there would be greater impact, especially at this time,” Interpol’s Director of Cybercrime Craig Jones told the Wall Street Journal in April.

Conscience is too expensive a virtue to expect from cybercriminals. We must evolve faster than our adversaries, especially as stakes grow higher. 

If we have something to lose today, we will have more to lose tomorrow, as our dependence on technology only continues to grow. 

The next time a perpetrator attempts to hold a hospital hostage, we must be prepared. 

After all, lives are on the line.