German Hospital Hit by Ransomware, Patient Dies After Being Redirected | Tripwire

German Hospital Hit by Ransomware, Patient Dies After Being Redirected

Posted on September 18, 2020
Phorpiex Botnet Named "Most Wanted Malware" in November 2020
A patient died after being redirected to another medical facility as the result of a German hospital having suffered a ransomware infection.
Universitaetsklinikum-Duesseldorf-Logo.png
On September 17, the Associated Press reported that a woman who needed urgent medical attention died after being transferred from University Hospital of Düsseldorf (Universitätsklinikum Düsseldorf) to a facility in another city. The American not-for-profit news agency said that a ransomware attack at the university hospital was at least partly to blame for the woman's death. News of the security incident first emerged on September 10 when officials at Universitätsklinikum Düsseldorf revealed that the clinic had suffered an extensive IT failure. The hospital brought on IT experts to assist with the recovery effort. In the meantime, Universitätsklinikum Düsseldorf canceled all planned and outpatient treatments, urged new patients not to come and temporarily de-registered itself as an emergency care provider. This could explain why the woman referenced in Reuter's reporting was diverted to another hospital, where she passed away. Hospital officials did not reveal the exact cause behind the security incident. Germany's Federal Office for Information Security (the Bundesamt für Sicherheit in der Informationstechnik) explained that the incident had amounted to a digital attack in which malicious actors had exploited CVE-2019-19781. This vulnerability affected several Citrix Gateway products and enabled a malicious actor to perform remote code execution on the host. Citrix released a patch for this flaw in January 2020. Even so, nefarious individuals apparently exploited this security weakness on some of Universitätsklinikum Düsseldorf's systems to launch ransomware, a threat which the Bundesamt für Sicherheit in der Informationstechnik specifically mentioned in its statement. It's unclear which ransomware gang was responsible for the attack described above. News of this incident followed several months after the security community learned of the Maze threat group having targeted both hospitals and research laboratories despite the gang having told Bleeping Computer that they would "stop all activity versus all kinds of medical organizations until the stabilization of the situation with [the COVID-19] virus."
Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!