Tuesday, September 22, 2020

RansomWare Attack Blamed in Patient's Death in Germany


RansomWare attacks continue to escalate.  Unfortunately as that happens, more and more healthcare agencies get in the crosshairs.  I've been saying for a while now that at some point some type of data intrusion would result in a patient death.  Well now it looks like we have one.

Last Thursday in Germany a woman developed a life threatening emergency and called for an ambulance.

The original plan was for the patient to be taken to the University Hospital Duesseldorf, but unfortunately that didn't happen.  The hospital was not accepting emergency patients because 30 of their servers had been encrypted by RansomWare.  The result was that the patient was re-routed to a hospital 20 miles away in Wuppertal.  Unfortunately, in emergency medicine time counts and the delay of her treatment resulted in her death.

Hospitals are dependent on the instantaneous availability of clinical information and when that isn't possible, care suffers and some can suffer greatly.

I have a friend, Brett Callow who works as a threat analyst for Emsisoft, which is a New Zealand security firm.  His take on this?  “This was absolutely inevitable,” said Brett. “We are fortunate it hasn’t happened sooner.”

The story becomes even more strange.  The hospital is part of a university and there is speculation that the RansomWare criminals may actually have been targeting the university itself and that the hospital may have been collateral damage.

It seems that when police in Dusseldorf contacted the attackers through the ransom note and informed them that the university hospital was involved, the criminals gave the encryption key to the police, which allowed for the data to be restored, and then the criminals vanished.

However, despite the fact that they gave the encryption key to the police, doesn't mean these people are all fluffy bunnies and unicorns.  No, they are still criminals.  German prosecutors are now exploring the chance of possible manslaughter charges.  Of course, the chance of finding the perpetrators is slim.

As RansomWare continues to evolve and proliferate, this is bound to get worse.  The only solution I see is stronger crackdowns by the law, but in some rogue states, these cyber criminals actually payoff the government to work with impunity.  Will things change?  Lives hang in the balance,.

No comments:

Post a Comment