State authorities in North Rhine-Westphalia are investigating whether a hospital ransomware attack resulted in negligent homicide, according to a report by the German public broadcaster DW.
Media reports say this may be the first time that a hospital cyberattack has caused a death, even if it was indirectly.
Düsseldorf University Clinic had to redirect a woman needing life-saving treatment to another hospital in Wuppertal on the night of Sept. 11; a ransomware attack had crippled the hospital’s IT system. The state Justice Ministry, according to DW, claims the delay resulted in her death.
The Associated Press reported yesterday that the hospital’s systems remained disrupted a week later. With no access to data, emergency patients have to go to other hospitals, and Düsseldorf University Clinic has postposed scheduled operations.
“This may well mark the first time that a human casualty has been linked to a ransomware attack. It’s an incredibly grim possibility that cybersecurity experts have been warning about for quite some time,” said Forbes contributor Lee Mathews.
CriticalStart (Plano, Texas) offers a managed technology platform and consulting to protect organizations from cyberattacks. The company’s CTO Randy Watkins described ransomware attacks on hospitals as terrifying.
“While some attackers have sworn not to target hospitals, others see it as a guaranteed payout with ultimate hostage, human life,” Watkins said in a statement shared with MassDevice‘s sister site Design World. “To defend against these attacks, hospitals need to evolve their cybersecurity posture by ensuring computer hygiene and proper protection across the organization.”