A woman has died in Germany after a cyber attack at the Düsseldorf University Clinic (DUC) caused her to be turned away for emergency medical treatment at the hospital earlier in September.
The ransomware attack caused the hospital’s systems to go down and so patients were rerouted to alternative healthcare settings.
A police investigation was launched following the woman’s death, which occurred after she was forced to travel for an hour to a hospital 20 miles away in Wuppertal.
But the attack may have been misdirected, reports have suggested. According to Infosecurity Magazine, a ransom note was left on one of the hospital’s servers addressed to Heinrich Heine University, with which the DUC is affiliated. After Düsseldorf police contacted the attackers and informed them of the impact on the hospital, a digital decryption key was supplied and no money extorted. But no further communication was then possible.
Experts are understood to have been drafted in by detectives in order to determine whether there is a link between the attack and the death.
In a statement reported by the BBC the President of Germany’s national cyber-security authority, Arne Schönbohm, said the hackers exploited a previously publicised VPN vulnerability:
“We warned of the vulnerability as early as January and pointed out the consequences of its exploitation. Attackers gain access to the internal networks and systems and can still paralyse them months later.
“I can only stress that such warnings should not be ignored or postponed, but need appropriate measures immediately. The incident shows once again how seriously this risk must be taken.”