Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecurityCybersecurity NewsHospitals & Medical Centers

First ransomware-related death reported in Germany

From the ER to the Executive Suite, Hospitals Tighten Up
September 21, 2020

The Duesseldorf University Clinic in Germany was hit by a ransomware attack last week that forced staffers to direct emergency patients elsewhere. The cyberattack “crippled the entire IT network of the hospital." As a result, a woman seeking emergency treatment for a life-threatening condition died after she had to be taken to another city for treatment, according to several outlets. 

Though the attack occurred earlier during the week and the phone systems was brought back online, other systems remained down.The hospital, however, said that that “there was no concrete ransom demand,” and no clear indications that data is irretrievably lost and that its IT systems are being gradually restarted, according to AP News. 

According to report from North Rhine-Westphalia state’s justice minister, 30 servers at the hospital were encrypted last week and an extortion note left on one of the servers, news agency dpa reported, says AP News. The note called on the addressees to get in touch, but didn’t name any sum and was addressed to the Heinrich Heine University, to which the Duesseldorf hospital is affiliated, and not to the hospital itself.

Duesseldorf police then established contact and told the perpetrators that the hospital, and not the university, had been affected, endangering patients. The perpetrators then withdrew the extortion attempt and provided a digital key to decrypt the data, AP News reports. 

Mohit Tiwari, Co-Founder and CEO at Symmetry Systems, a San Francisco, Calif.-based provider of cutting-edge Data Store and Object Security (DSOS), notes that hospitals have a particularly challenging setting as they have to prioritize fighting healthcare-related fires all the time and have to work with software (and hardware) that takes years to certify for safety.

"This means the compute infrastructure lags behind due to both business (lower priority expense) and technical (expensive and risky to upgrade) reasons," Tiwari explains. "Perhaps the shift in mindset that hospital executives have to get to is that compute infrastructure in hospitals is key to healthcare, and computing failures are healthcare failures. Further, computing flaws are highly correlated and can spread quickly -- ransomware or breach of large data stores or compromise of medical equipment on a network. These systemic failures look a lot different than safety faults in a machine that would be triggered in specific conditions, and computing failures will soon get a lot harder to get insurance for. With the right investments, there is recent technology that can lift and shift certified workloads into safer virtual machines and put defenses around it, and better identity and authorization methods that prevent small errors from scaling out organization wide.” 

Terence Jackson, Chief Information Security Officer at Thycotic, a Washington D.C. based provider of privileged access management (PAM) solutions, notes, “The outcome of this event is tragic. I offer condolences to the family of the patient. Yet, this highlights that the consequences of a ransomware attack can be deadly. As details are still emerging, it is thought that the ransomware exploited a vulnerability that a patch had been released to remediate." 

According to a recent Check Point report, 80 percent of observed ransomware attacks in the first half of 2020 used vulnerabilities reported and registered in 2017 and earlier – and more than 20 percent of the attacks used vulnerabilities that are at least seven years old. Jackson adds, "Patch management is a critical component to network security.”

Rick Holland, Chief Information Security Officer, Vice President Strategy at Digital Shadows, a San Francisco-based provider of digital risk protection solutions, says that, "In the early days of COVID-19, we saw actors stating that they wouldn't target healthcare, so at least some criminal element is publicly against these sorts of attacks. Opportunistic ransomware actors who cast a wide net may not realize that many university systems have significant healthcare components that conduct research and treat patients. Law enforcement agencies are already highly focused on ransomware operators. Still, any attacks that result in the loss of life will only increase the criminals'  risk of indictments and arrests. It will be interesting to see how targeting evolves in the future due to this tragic event, but I wouldn't place bets on all criminals avoiding healthcare institutions. There is no honor among thieves.”

Mark Kedgley, CTO at New Net Technologies (NNT), a Naples, Florida-based provider of IT security and compliance software, warns this incident won’t be the last time that cybersecurity has such a direct impact on human lives. "As the indiscriminate distribution of ransomware hits more IT systems and operational technology underpinning critical infrastructure, like hospitals, energy, and rail and traffic management, we will all be affected more by hacker-instigated disruption," Kedgley says. "As with WannaCry, it seems likely that the vulnerability exploited here was months old, so in theory there was time to mitigate the threat in theory, but it illustrates the importance of running vulnerability scans and acting on findings at least every 30 days if not more frequently. This becomes more difficult in a 24/7 operation like a hospital or power station, where resolving the conflict between the demand for continuous uptime, and maintaining cybersecurity, gets really tough.”

 

KEYWORDS: cyber security healthcare security information security ransomware risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • green text in vertical lines on black screen

    The U.S., U.K. and Germany rank top in ransomware attacks

    See More
  • Police crime scene tape

    Overall declines in the number of violent and property crimes reported for the first six months of 2020

    See More
  • vaping

    2,500 Cases of Vaping-Related Lung Injuries Reported Nationwide

    See More

Related Products

See More Products
  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • Hospitality-Security.gif

    Hospitality Security: Managing Security in Today's Hotel, Lodging, Entertainment, and Tourism Environment

  • Physical-Layer-Security.gif

    Physical Layer Security in Wireless Communications

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing