Patient dies due to a ransomware attack

Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany’s cybersecurity agency, released a statement on September 17 following a patient’s death after a ransomware attack.

A woman became the first death associated with a cyberattack after the University Hospital of Düsseldorf (UKD) was forced to turn away her ambulance.

What happened?

On September 10, 2020, hackers encrypted UKD’s computer system.

The threat actors infiltrated UKD’s information system through a flaw in its Citrix virtual private network (VPN). The hackers then inserted ransomware and encrypted the hospital’s data.

The hospital was immediately unable to access its data; emergency patients had to be taken elsewhere and operations were postponed.

On September 11 an ambulance attempted to deliver a patient but was turned away. Unfortunately, the woman died en route to Wuppertal, 20 miles away.

A note left by the hackers, which did not include a ransom amount, demanded that Heinrich Heine University, affiliated with UKD, contact them.

The hospital requested help from BSI. Authorities reached out to the threat group to inform them that the attack had endangered a hospital and its patients.

The group then withdrew its extortion attempt and provided a decryption key.

An investigation was subsequently launched against the unknown attackers; UKD’s computer systems remained inoperable as of BSI’s press release.

The Citrix flaw

The hackers exploited a vulnerability in Citrix Application Delivery Controller, tracked in the Common Vulnerabilities and Exposures (CVE) list as CVE-2019-19781, which allows unknown parties to perform arbitrary code execution. The attackers used this VPN vulnerability to gain access to the hospital’s computer system.

In fact, cybersecurity officials have known about this issue since December 2019. A U.S. Department of Homeland Security/Federal Bureau of Investigation joint alert from May 2020 included CVE-2019-19781 as a vulnerability exacerbated by the pandemic and social distancing, which have led to an increase in remote work and the cybersecurity challenges that come along with it.

Citrix released a statement in January 2020 stating that the company created its final permanent fix for the flaw. It is unknown how many organizations applied the update.

The takeaway

The head of BSI, Arne Schönbohm, implored hospitals to apply upgrades and patches as soon as they are available:


I can only urge you not to ignore or postpone such warnings but to take appropriate action immediately. This incident shows once again how seriously the danger must be taken.


While healthcare organizations must focus on additional components of cybersecurity, such as HIPAA compliant email, attention must also be paid to safe technology use.

This VPN vulnerability, like other, similar problems, represents a threat vector, or gateway, into any system.

Updating and patching should be a standard part of every cybersecurity program.

As this case demonstrates, data breaches do not just lead to exposed protected health information, HIPAA violations, or fines. Breaches can kill people.

This is especially concerning given the coronavirus and the subsequent growth in cyberattacks over the past few months, particularly against healthcare organizations.

About the author

Kapua Iao
