Hospital patient dies following botched ransomware attack

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Hospital patient dies following botched ransomware attack

As Associated Press reports, when a ransomware attack knocked out systems at a major hospital in Düsseldorf, Germany, there were tragic consequences.

With its computer systems offline and data inaccessible, emergency patients who should have gone to Düsseldorf University Clinic were taken to other hospitals who hadn’t had their servers encrypted in the attack.

A seriously-ill patient, who normally would have been taken to Düsseldorf University Clinic, was instead diverted twenty miles away to a hospital in Wuppertal.

According to reports, doctors were not able to start treating the patient for an hour and she died.

30 servers at the Düsseldorf University Clinic are thought to have been infected by the ransomware, with the attackers leaving an extortion note demanding payment.

But the ransomware attack was botched.

Yes, it did manage to infect the hospital’s servers but the note itself was addressed to Heinrich Heine University, *not* the hospital

The hospital and the university are affiliated with eachother, but it seems that the fact that the ransomware attack hit the wrong organisation was down to sheer recklessness and lack of attention by the criminals behind it.

Police in Düsseldorf contacted the attackers using details shared in the extortion note, and received in return a decryption key to unlock the hospital’s data.

But that was all too late for the woman who died.

Prosecutors in the state of North Rhine-Westphalia are launching an investigation into the hackers on suspicion of negligent manslaughter.

But, of course, no-one knows the hackers’ true identities – and they may never become known and brought to justice.

Sign up to our free newsletter.
Security news, advice, and tips.

Ransomware attacks can ruin businesses, destroy individuals’ irreplaceable files and priceless photos, and even – it seems – result in death.

I’d like to think that someone might read about a case like this and think again about committing an attack. You may think you’ve dreamt up the perfect cybercrime, but it can all so easily have unintended consequences both for you and others who are entirely innocent.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.