First death reported following a ransomware attack on a German hospital

Death occurred after a patient was diverted to a nearby hospital after the Duesseldorf University Hospital suffered a ransomware attack.

ambulance hospital

Image: Camilo Jimenez

Executive guide

Ransomware: One of the biggest menaces on the web

Everything you need to know about ransomware: how it started, why it's booming, how to protect against it, and what to do if your PC's infected.

Read More

German authorities are investigating the death of a patient following a ransomware attack on a hospital in Duesseldorf.

The patient, identified only as a woman who needed urgent medical care, died after being re-routed to a hospital in the city of Wuppertal, more than 30 km away from her initial intended destination, the Duesseldorf University Hospital.

The Duesseldorf hospital was unable to receive her as it was in the midst of dealing with a ransomware attack that hit its network and infected more than 30 internal servers on September 10, last week.

The incident marks the first-ever reported human death indirectly caused by a ransomware attack.

The patient's death is currently being investigated by German authorities. If the ransomware attack and the hospital downtime are found to have been directly at fault for the woman's death, German police said it plans to turn their investigation into a murder case.

According to German news outlet RTL, the ransomware gang has withdrawn its ransom demand after German police reached out. The hospital has since received a decryption and is restoring its systems.

In a tweet earlier today, hospital officials blamed the ransomware infection on a vulnerability in a widely used commercial software.

In a subsequent tweet, the same officials said they notified German authorities, such as the German cybersecurity agency BSI, who are responsible for issuing appropriate security warnings.

A day earlier, the BSI had issued a warning, out of the blue, asking German companies to update their Citrix network gateways for the CVE-2019-19871 vulnerability, a known entry point for ransomware gangs.

The Associated Press also reported today that the entire ransomware attack on the hospital's network appears to have been an accident, with the ransom note being addressed to the local university (Duesseldorf Heinrich Heine University), and not the hospital, which was only part of the larger network.