If we’re ever unlucky enough to wind up in a hospital, we all hope for the best treatment and a quick recovery. But what if the hospital was crippled while trying to save your life? In September, a hospital in Dusseldorf experienced a ransomware attack that led to a patient’s death. Hospitals are easy targets for hackers, putting our privacy and even physical safety at serious risk.
The attack began when hackers used malware to encrypt the servers of the University Hospital of Dusseldorf, which forced personnel to redirect emergency patients to other facilities. Unfortunately, one woman died before receiving her treatment, making this the first ever death linked to ransomware.
Reports say that the ransom demand might have been accidental as it was addressed to a nearby university rather than the hospital. However, this is no consolation for the woman’s family and no exoneration of the hackers’ actions.
After the police contacted the perpetrators and told them that their ransomware had endangered patients, the criminals sent them a decryption key. If the investigation proves that the woman’s death was directly related to the transfer to another facility, this case will be treated as a homicide.
Regardless of whether the attack against the hospital in Dusseldorf was an accident or not, healthcare institutions have always attracted cyber criminals because of their poor security, the vulnerability of their patients, and the extensive databases of medical records they possess.
Patients’ data is highly demanded on the dark web as it can contain personal information, pictures, addresses, names, or payment records. This information can be used to commit fraudulent activities, stalk on people, or even blackmail them. Due to their patients’ vulnerability, hospitals are also more likely to quickly pay ransoms that hold life-saving equipment hostage. The average ransom demand is $59,000, which is not much compared with all the legal problems the healthcare facility might face in case their medical records have been exposed.
Hackers tend to attack smaller hospitals as they rarely have dedicated digital security teams. Estimates say that ransomware attacks against medical facilities have increased by 35% between 2016 and 2019.
After a cyberattack occurs, medical facilities typically enhance their security measures in response. However, these implementations often cause confusion among doctors and nurses as they figure out how to navigate their new IT infrastructure.
A recent study revealed that the rise in cyberattacks against hospitals is directly linked to an upsurge in deaths from heart attacks. The hospitals that were hacked in the past year took more time to give their patients ECGs and faced 36 additional deaths per 10,000 heart attacks.
In 2017, the world was hit by a massive ransomware attack known as WannaCry. It affected millions of people, companies, and healthcare facilities. In the UK alone, more than 80 hospitals were disrupted, which led to 19,000 appointments being cancelled in one week. While no fatalities were recorded, you can imagine the impact the attack had on patients.
Ransomware attacks can also hit individuals. Work files, financial data, contracts, college papers, pictures, or even the source code of a new app you’ve been working on can be encrypted by perpetrators unless you pay the ransom. Who should be concerned the most?
Keep the troubles away. Sign up for our monthly newsletter and stay ahead of the hackers.