Ransomware infection in University Hospital Düsseldorf not responsible for death of a woman

[German]New development in view of the death of a patient in the environment of the ransomware infestation in the University Hospital Düsseldorf. The public prosecutor’s office has discontinued its investigations against the unknown hackers because of the death, as there is no causal connection.


Some background

In the German blog post Düsseldorfer Uniklinik: IT-Ausfall durch Cyberangriff? I had reported on September 10, 2020 that the IT network of the University Hospital Düsseldorf (UKD) was out of order due to a cyber attack. The clinic’s operations had been disrupted for some time and the hospital had to stop providing emergency care to patients.

In a press release on September 17, the University Hospital admitted only one cyber attack, which was carried out via a ‘security issue in popular software’ and allowed access to the IT network. In the blog post Ransomware attack in German hospital ends deadly for a women – blame Shitrix vulnerability, I had disclosed that the cyber attack was an infection with ransomware. An unclosed vulnerability (Shitrix) from late 2019/early 2020 in Citrix products was the gateway for the attackers, who then placed the malware on the clinic network.

The case draw attention worldwide because a patient died in connection with the IT shutdown. The life-threatening patient (rupture of the aorta) was supposed to be taken to the university hospital on the night of September 11 to 12, but had to be referred to a hospital in Wuppertal. Since the treatment could only take place with a one-hour delay, the woman died a short time later. In such cases, the responsible public prosecutor always initiates an investigation. But whether this leads to a result is another matter.

Investigation due to death closed

The responsible prosecutor has now closed the investigation against the hackers because of death. Because the prosecutor’s office ‘sees no evidence’ that the death of the patient is causally connected with the cyber attack. After an in-depth investigation, which included consultations with medical experts, an autopsy and a minute-by-minute breakdown of events, prosecutor Hartmann believes that the severity of the victim’s medical diagnosis at the time of pickup by the rescue service was so severe that she would have died regardless of which hospital she was admitted to.

“The delay had no bearing on the final outcome,” Hartmann told Wired, who took up the issue here. “The medical condition was the sole cause of death, and this is completely independent of the cyber attack”. According to Wired, Hartmann compares it to hitting a corpse while driving: You exceed the speed limit, but you are not responsible for the death. For Hartmann, however, it is only a matter of time before the first death is reported as a result of a cyber attack on medical facilities.


Similar articles:
German Software AG victim of Cl0p ransomware, data leaked
French IT company Sopra Steria attacked by Ryuk ransomware, Zerologon exploited?
Cruise provider Carnival confirms ransomware attack with data exfiltration
Ransomware grounds French shipping company CMA CGM S.A.
Cyber attack with ransomware on US hospital operator UHS
Ransomware attack in German hospital ends deadly for a women – blame Shitrix vulnerability
Ransomware infection at German Dussmann Group
Garmin shutdown by WastedLocker ransomware attack
Toy maker Mattel victim of a Ransomware attack
Ragnar Locker Ransomware Infection at Campari Group

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *