Patient Dies After Ransomware Attack on Düsseldorf Hospital

According to reports, the network failure announced by Düsseldorf University Hospital (UKD) last week – which turned out to be a ransomware infection – has resulted in a patient dying.

“In the morning hours of Thursday (September 10th), larger parts of the IT systems of the Düsseldorf University Hospital were gradually no longer usable,” the institution said in a notice last week. “This has far-reaching consequences for hospital operations, as activities in the computer system are necessary for many processes. For this reason, the UKD has canceled the emergency care,” reads a machine-translated version of the notice.

On September 11, a day after the network failure, UKD was already investigating a “possible hacker attack.” The Associated Press now reports:

“German authorities say a hacker attack caused the failure of IT systems at a major hospital in Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment.”

Hackers reportedly left an extortion note on a hospital server, indicating a ransomware operation. However, it appears the attack was directed at an affiliated university, not at the hospital.

Local police were able to reach the hackers and notify them that they”d hit the hospital instead of the university, as the extortion note claimed. When they learned of their blunder, the hackers provided a decryption key.

“The hackers are no longer reachable, they said,” the AP report states.

Heise Online reports that the hackers” entry point likely was a vulnerable Citrix VPN appliance. The vulnerability in question is CVE-2019-19781 – dubbed “Shitrix” by the ever-spirited Internet community.