Ransomware has been a growing issue for years but, in a first, ransomware appears to have caused the death of a hospital patient.
According to the BBC, a ransomware attack disabled Düsseldorf University Hospital in Germany. A female patient at the hospital was preparing for a life-saving procedure when the ransomware hit, and died when medical personnel were trying to transport her 30km away to the nearest hospital.
It’s possible the hackers mistakenly targeted the hospital. The BBC quotes local reports saying the hackers were trying to hit another university. Those same reports say the hackers turned over the decryption keys without payment once they realized the hospital had been impacted.
Whether the attack was intentional or not, authorities are now investigating it as a negligent homicide. Unfortunately, it also appears the attack could have been averted. The hackers used a well-known vulnerability in Citrix VPN software, a vulnerability that organizations had been warned about as early as January. If prosecutors do make their case, the hospital will likely face penalties for ignoring the danger.
This tragedy should serve as a sobering reminder to companies of all kinds to keep up with security alerts and vulnerabilities, and keep their software and services up-to-date.