by Pieter Arntz , Malwarebytes Labs
A recent ransomware attack that played a significant role in the death of a German woman has put into focus both the dangers and the importance of cybersecurity today. It has also led some to point fingers as to who was responsible.
As usual, playing the blame game helps no one, but it does remind us of the dire need to work on healthcare security.
What happened?
A few weeks ago, the university hospital Uniklinikum in the German city of Düsseldorf suffered a ransomware attack. The hospital decided not to admit new patients until it resolved the situation and restored normal operations.
Because of the admissions stop, a woman in need of immediate help had to be driven to the hospital of Wuppertal which is about 20 miles further. Unfortunately, she died upon arrival. The extra 30 minutes it took to get her to the next hospital turned out to be fatal.
As it turned out, the target of the ransomware gang was not even the hospital, but the university to which the hospital belongs. When the attackers learned that the hospital had fallen victim as well, they handed over the decryption key for free. Despite that key, it took the hospital more than two weeks to reach a level of operability that allowed them to take on new patients.