Woman dies after German hospital hack, ransomware operators suspected of negligent homicide

Cybercriminals have gone too far – patient died after German hospital was hit by ransomware

On September 9th, Düsseldorf University Hospital in Germany was hit by a ransomware attack which took down 30 servers. The attack stopped systems from working, forcing healthcare workers to immediately transfer emergency patients to other healthcare facilities. One of the patients was a woman in critical condition who required life-saving treatment. As a result of the cyberattack, she had to be transferred to another hospital in Wuppertal, approximately 19 miles (30 kilometers) away from the compromised hospital. The resulting delay in treatment proved fatal for the patient.

It is suspected that this might be the first death ever caused by a cyberattack. However, until the ongoing investigation is complete, this remains speculation, not fact.

It is unknown which ransomware family is to blame for the cyberattack. Some unconfirmed sources believe it might be associated with the MAZE cartel.

Due to the ransomware attack, doctors were forced to initiate a patient transfer to a hospital 19 miles away.

Security hole in Citrix VPN software to blame

According to German news site heide.de, the attackers gained access to the hospital’s IT systems via a security hole in Citrix VPN software known as “Shitrix.” It is believed that this could have happened months ago. That said, the shutdown of the hospital’s servers was likely planned in advance.

The cyberattack was carried out with the help of a critical security vulnerability, identified as CVE-2019-19781, first reported in December 2019. The compromise of the systems involved adding a backdoor; as a result, installing software updates with patches fixed the vulnerability but didn’t get rid of the backdoor. Using this backdoor, the attackers worked their way deeper into the system over the next few months. Companies that didn’t identify the malicious code were compromised later, resulting in encrypted files across the entire network.

Ransomware operators are getting more and more aggressive and greedy

In 2020, ransomware operators have gone way too far in their greed for money. Targeting extremely sensitive data, they seem to have no conscience. While in the past they only locked a computer’s screen or encrypted personal files, nowadays they steal private information from individuals and companies and threaten to publish it online.

While these cybercriminals previously focused mainly on home users, nowadays their primary targets are large companies that are willing to pay hundreds of thousands to keep their own and their customers’ private data safe. The appearance of Ransomware-as-a-Service, as well as partnerships between the largest cybercriminal gangs resulting in cartels, such as Maze, Sodinokibi, Ragnarok, or LockBit, has given a whole new perspective on the evolution of malware and Internet crime.

It is known that healthcare institutions are among the top targets for cybercriminals, as these facilities cannot afford delays when lives must be saved. However, human lives do not seem to be an area of interest for ransomware operators.