Hospital patient dies following botched ransomware attack

Graham Cluley
@gcluley

As Associated Press reports, when a ransomware attack knocked out systems at a major hospital in Düsseldorf, Germany, there were tragic consequences.

With its computer systems offline and data inaccessible, emergency patients who should have gone to Düsseldorf University Clinic were taken to other hospitals who hadn’t had their servers encrypted in the attack.

A seriously-ill patient, who normally would have been taken to Düsseldorf University Clinic, was instead diverted twenty miles away to a hospital in Wuppertal.

According to reports, doctors were not able to start treating the patient for an hour and she died.

30 servers at the Düsseldorf University Clinic are thought to have been infected by the ransomware, with the attackers leaving an extortion note demanding payment.

But the ransomware attack was botched.

Yes, it did manage to infect the hospital’s servers but the note itself was addressed to Heinrich Heine University, *not* the hospital

The hospital and the university are affiliated with eachother, but it seems that the fact that the ransomware attack hit the wrong organisation was down to sheer recklessness and lack of attention by the criminals behind it.

Police in Düsseldorf contacted the attackers using details shared in the extortion note, and received in return a decryption key to unlock the hospital’s data.

But that was all too late for the woman who died.

Prosecutors in the state of North Rhine-Westphalia are launching an investigation into the hackers on suspicion of negligent manslaughter.

But, of course, no-one knows the hackers’ true identities – and they may never become known and brought to justice.

Sign up to our newsletter
Security news, advice, and tips.

Ransomware attacks can ruin businesses, destroy individuals’ irreplaceable files and priceless photos, and even – it seems – result in death.

I’d like to think that someone might read about a case like this and think again about committing an attack. You may think you’ve dreamt up the perfect cybercrime, but it can all so easily have unintended consequences both for you and others who are entirely innocent.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.