German patient dies after being diverted from hospital hit by ransomware attack

A German woman has died after being diverted from a hospital that had suffered a ransomware attack, allegedly the first death attributed directly to such an attack.

The ransomware attack targeted the Duesseldorf University Hospital Sept. 10, resulting in critical systems at the hospital being shut down. As a result of the outage, patients seeking emergency care were diverted to a hospital in Wuppertal, 32 kilometers (20 miles) away. The diversion delayed treatment of the woman by about an hour and doctors were unable to treat her in time to save her.

The form of ransomware used in the attack was not disclosed, but local officials said that it affected 30 servers. The ransomware infection path is said to have involved the attackers exploiting a vulnerability in a “widely used commercial add-on software.” Ars Technica reported that around the same time, the CERT-Bund, the German cybersecurity authority, tweeted a link to a security advisory from January relating to a critical vulnerability in the Citrix application delivery controller.

Data was encrypted on affected servers, but atypically for a ransomware attack, a set ransom was not demanded. Those behind the attack instead asked for the addresses to get in touch. According to the Associated Press, the letter was addressed to the Heinrich Heine University, which the Duesseldorf hospital is affiliated with but not to the hospital.

Authorities then reached out to those behind the attack and told them that the hospital and not the university had been affected, endangering patient lives. Perhaps proving that sometimes cybercriminals do have a heart, the perpetrators withdrew their demands for a ransom and provided a key to decrypt the data.

German authorities have launched an investigation against those behind the ransomware attack on suspicion of negligent manslaughter.

Ransomware attacks targeting hospitals have been increasing this year amid the COVID-19 pandemic. Fresenius SE & Co. KGaA, Europe’s largest private hospital operator, was hit by ransomware that limited the use of some of its systems in May.

Photo: Wiegels/Wikimedia Commons

A message from John Furrier, co-founder of SiliconANGLE:

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and soon to be Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Join Our Community 

We are holding our second cloud startup showcase on June 16. Click here to join the free and open Startup Showcase event.


“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy

We really want to hear from you. Thanks for taking the time to read this post. Looking forward to seeing you at the event and in theCUBE Club.