Skip to Content
Computing

A patient has died after ransomware hackers hit a German hospital

This is the first ever case of a fatality being linked to a cyberattack.
Ambulance
Ambulance
Photo by camilo jimenez on Unsplash

For the first time ever, a patient’s death has been linked directly to a cyberattack. Police have launched a "negligent homicide" investigation after ransomware disrupted emergency care at Düsseldorf University Hospital in Germany.

The victim: Prosecutors in Cologne say a female patient from Düsseldorf was scheduled to undergo critical care at the hospital when the September 9 attack disabled systems. When Düsseldorf could no longer provide care, she was transferred 19 miles (30 kilometers) away to another hospital. The hackers could be held responsible by German police, the BBC reports.

A tragic first: “If confirmed, this tragedy would be the first known case of a death directly linked to a cyberattack,” Ciaran Martin, formerly the chief executive of the UK's National Cyber Security Centre, said in a speech at the Royal United Services Institute. “Although the purpose of ransomware is to make money, it stops systems working. So if you attack a hospital, then things like this are likely to happen. There were a few near misses across Europe earlier in the year, and this looks, sadly, like the worst might have come to pass."

The booming trade: Ransomware is a billion-dollar criminal industry. Hackers often target businesses, shutting down technology and stealing data before demanding up to millions of dollars in extortion money. Hospitals have been hit many times before, and as the criminal economy grew rapidly in recent years, it was widely feared that a patient death was inevitable.

Track record: In August, a multimillion-dollar scheme to hack and ransom Tesla made headlines when an employee blew the whistle. Before that, hackers took down the American tech company Garmin for weeks, reportedly resulting in a $10 million ransom being paid.

Raised stakes: There’s a big difference between hacked computers and human lives. Now that the threat to people is no longer theoretical, there may be a new urgency to fixing fundamental problems. German authorities say the hackers took advantage of a vulnerability in Citrix virtual private network software that was publicly known since January but which the hospital had failed to address.

Fixing vulnerabilities is much more difficult than it sounds, especially for an always-on operation like a hospital. But with human lives at stake, it is clearer than ever that the status quo is not good enough.

Deep Dive

Computing

ALEXANDER LUKASHENKO and hacktivists concept illo
ALEXANDER LUKASHENKO and hacktivists concept illo

Hackers are trying to topple Belarus’s dictator, with help from the inside

Opposition from inside the regime of Alexander Lukashenko is helping hackers run what may be the most comprehensive cyberattack on a nation ever.

0day exploit attacks computer
0day exploit attacks computer

2021 has broken the record for zero-day hacking attacks

But the reasons why are complicated—and not all bad news.

Department of Justice building
Department of Justice building

This US company sold iPhone hacking tools to UAE spies

An American cybersecurity company was behind a 2016 iPhone hack sold to a group of mercenaries and used by the United Arab Emirates.

collage of gears
collage of gears

Reimagining our pandemic problems with the mindset of an engineer

Grappling with all the uncertainty, the epidemiologist’s role during the pandemic proved confusingly complex. A more pragmatic, problem-solving mindset might help in making good decisions.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.