Monday, September 28, 2020

First ransomware attack tied to patient death, negligent homicide charge possible

PARCA eNews – Sept. 18, 2020 – In what is believed to be a first, a ransomware attack has led to a patient death according to reports in HIPAA Journal and Fortune Magazine.

The Sept. 10, 2020 attack crippled the Heinrich Heine University Clinic in Dusseldorf, Germany. The 78-year-old woman patient required immediate emergency treatment for an aneurysm and had to be diverted to another emergency facility 21 miles away. The one-hour delay was noted as contributing the the patient’s death.
The attackers had exploited a vulnerability in an add-on software package to the clinic’s network system. Once network access was gained the attackers ran an encryption process that crashed 30 servers at the hospital system including its medical records.

The clinic was forced to transfer emergency care, postpone appointments and outpatient care until the damage was repaired.

According to the HIPAA Journal report, the police made contact with the attackers using information in the ransom note. It turned out that the hackers had not intended to attack the clinic, rather they were intending to target Heinrich Heine University also in Dusseldorf.

When they learned the hospital had been affected, the hackers supplied the keys to decrypt files and dropped their extortion demands. Law enforcement is continuing to investigate in pursuit of identifying and charging the attackers with negligent homicide.

Report compiled from The HIPAA Journal and Fortune magazine

No comments:

Post a Comment

Followers