Skip to Content
MIT Technology Review

Ransomware did not kill a German hospital patient

Still, police warn that it’s only a matter of time before hacking hospitals leads to tragic results.

Photo by Hush Naidoo on Unsplash

The news: When a German hospital patient died in September while ransomware disrupted emergency care at the facility, police launched a negligent-homicide investigation and said they might hold the hackers responsible. The case attracted worldwide attention because it could have been the first time law enforcement considered a cyberattack to be directly responsible for a death.

But after months of investigation, police now say the patient was in such poor health that she likely would have died anyway, and that the cyberattack was not responsible. 

The findings: “The delay was of no relevance to the final outcome,” Markus Hartmann, the chief public prosecutor at Cologne public prosecutor's office, told Wired. “The medical condition was the sole cause of the death, and this is entirely independent from the cyberattack."

Although police have dropped the claim that hackers are responsible for the patient’s death, German law enforcement is still investigating the case. Hartmann, and many cybersecurity experts, believe it’s only a matter of time before an attack against hospitals causes such a tragedy.

The warning: In October, a wave of ransomware attacks hit American hospitals just as coronavirus cases started spiking. No one died as a result, but the prolific hackers involved did make their money, which means all the incentives are there for more attacks—just as coronavirus rates continue to rise rapidly around the western world.