2 min read

Patient dies due to a ransomware attack

Picture of Kapua Iao Kapua Iao October 2, 2020

Healthcare cybersecurity news
Emergency room sign on a hospital building
Red EMERGENCY sign on a hospital building facade Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany’s cybersecurity agency, released a statement on September 17 following a patient’s death after a ransomware attack. A woman became the first death associated with a cyberattack after the University Hospital of Düsseldorf (UKD) was forced to turn away her ambulance.

What happened?

On September 10, 2020, hackers encrypted UKD’s computer system. The threat actors infiltrated UKD’s information system through a flaw in its Citrix virtual private network (VPN). The hackers then inserted ransomware and encrypted the hospital’s data. RELATED: DHS Warns of VPN Vulnerabilities and Email Cyberattacks The hospital immediately was unable to access its data; emergency patients had to be taken elsewhere and operations were postponed. On September 11 an ambulance attempted to deliver a patient but was turned away. Unfortunately, the woman died en route to Wuppertal, 20 miles away. A note left by the hackers (excluding a ransom amount) demanded that Heinrich Heine University, affiliated with UKD, contact them. The hospital requested help from BSI. Authorities reached out to the threat group to inform them that the attack had endangered a hospital and its patients. RELATED: INTERPOL Warns of Increased Ransomware Attacks on Hospitals The group then withdrew its extortion attempt and provided a decryption key. An investigation was subsequently launched against the unknown attackers; UKD’s computer systems remained inoperable as of BSI’s press release.

 

The Citrix flaw

The hackers exploited a common vulnerability and exposure (CVE) with Citrix Application Delivery Controller, which allows unknown parties to perform arbitrary code execution. Cyberattackers used this VPN vulnerability, CVE-2019-19781, to gain access to the hospital’s computer system. In fact, cybersecurity officials have known about this issue since December 2019. A U.S. Department of Homeland/Federal Bureau of Investigation joint alert from May 2020 included CVE-2019-19781 as a vulnerability exacerbated by the pandemic and social distancing, which has lead tan increase in remote work and the cybersecurity challenges that come along with it. RELATED: CISA and NCSC Joint Alert: Healthcare and Essential Services Targeted Citrix released a statement in January 2020 stating that the company created its final permanent fix for the flaw. It is unknown how many organizations applied the update.

 

The takeaway

Head of BIS, Arne Schöenbohm, implored hospitals to utilize upgrades and patches as soon as they are available:
I can only urge you not to ignore or postpone such warnings but to take appropriate action immediately. This incident shows once again how seriously the danger must be taken.
While healthcare organizations must focus on additional components of cybersecurity, such as HIPAA compliant email, attention must also be paid to safe technology use. RELATED: Smart Device Security Needs Higher Priority in Healthcare This VPN vulnerability, as well as other, similar problems, represent a threat vector, or gateway, into any system. Updating and patching should be a standard part of every cybersecurity program. RELATED: HSCC Requests to Include Patching in Allowable Stark Law Donations As this case demonstrates, data breaches do not just lead to exposed protected health information, HIPAA violations, or fines. Breaches can kill people. This is especially concerning given the coronavirus and the subsequent growth in cyberattacks over the past few months, particularly against healthcare organizations.
 
Try Paubox Email Suite for FREE today.
Start for free
Secure every email you send and receive HIPAA compliant. Threat-proof. Hassle-free.
Laptop screen displaying skull and crossbones symbol on red background

Ransomware attack may have led to infant’s death

Picture of Kapua Iao Kapua Iao : October 12, 2021

A recent cyberattack may have led to the first death linked to ransomware in the U.S. A lawsuit was brought against a hospital after a cyberattack...

Healthcare cybersecurity news
Read More
Images of app logos on a screen.

How healthcare workers can identify fake cracked apps before downloading

Gugu Ntsele : September 23, 2025

Healthcare professionals rely on mobile applications for patient management, medical reference, continuing education, and clinical decision-making....

Healthcare cybersecurity news
Read More
laptop with lock icon over screen

Why disabling Autorun is smart for cybersecurity

Picture of Liyanda Tembani Liyanda Tembani : December 15, 2023

Autorun, an automatic computer feature, activates actions when external devices connect. Healthcare must disable it for improved cybersecurity....

Healthcare cybersecurity news
Read More

Subscribe to Paubox Weekly

Every Friday we bring you the most important news from Paubox. Our aim is to make you smarter, faster.