Ransomware Hospital Attack

Ransomware is commonly used to steal data and cost organizations up to hundreds of thousands of dollars. But in this case, the consequence was far graver than financial loss. A ransomware attack on a hospital in Duesseldorf, Germany led to the inability to treat patients as normal, resulting in a woman with a life-threatening condition being turned away to find treatment elsewhere. Unfortunately, she did not make it to another hospital.

Breakdown of the Attack

The infection within the systems began after the attackers exploited a vulnerability in a commercial add-on software. Their attack started on Thursday, Sept. 10 and encrypted 30 hospital servers with a message demanding that the Heinrich Heine University contact the attackers. This University is affiliated with the Duesseldorf hospital, but when the police were able to contact the attackers, they explained that the ransomware had hit a hospital that treated emergency patients.

After hearing about the mistake, the attackers reportedly withdrew their ransom demand and gave the hospital a decryption key to access their servers once again. Little is known about who the attackers were or what their goal was in encrypting the hospital servers. Though the ransomware was removed, it was not done soon enough as the woman who was rushed to the hospital had to go to another facility 20 miles away, which added an hour to her time in an ambulance without total care. She perished because of the hospital’s lack of security defenses.

Protect Your Systems, Protect Your Patients

A cybersecurity advisory from the German agency in charge of security warnings stated that many ransomware attackers were exploiting CVE-2019-19781, which is a vulnerability in Citrix application delivery controllers. This was not confirmed to the the vulnerability that was exposed in Duesseldorf. However, hospitals and other healthcare facilities need to protect their systems with regular updates and security patches to fix any vulnerabilities.

In addition, a secure backup system could have prevented the ransomware attack from completely shutting down the hospital’s ability to treat patients. The SecureDrive products are hardware encrypted and come with built-in antivirus to keep malicious files from being transferred to or from the device. With secure authentication methods through PIN or secure mobile app, unauthorized parties will be unable to access PHI and other critical data.

Protecting your healthcare facility from ransomware not only keeps your data secure for continued operation but could potentially save a life. See more about the SecureDrive products and why they are the ideal HIPAA compliant backup solution for hospitals at https://www.securedrive.com/store.