A woman died on September 11 after she was turned away by a nearby hospital in Duesseldorf, Germany, where a ransomware attack had hampered operations, forcing her to seek emergency treatment at another facility 20 miles farther away. The police later spoke with the cybercriminals, against whom they will be filing manslaughter charges for the patient's death.
According to Ars Technica, based on a report from Associated Press on September 17, German authorities are seeking to file a negligent manslaughter case against the unknown cybercriminals who launched the attack against the Duesseldorf University Hospital.
Only minimal details have been revealed to the public about the ransomware attack, which started about 24 hours before the patient's death. According to the North Rhine-Westphalia state justice minister, 30 hospital servers were encrypted by the ransomware attack, while a message addressed to the Heinrich Heine University instructed the hospital officials to communicate with the attackers. The Duesseldorf University Hospital is affiliated with the Heinrich Heine University.
The Duesseldorf police eventually contacted the perpetrators and told them that the attack had hit not the university, but a hospital that treats emergency patients. After that, the attackers withdrew the ransom demand and gave a decryption key to unlock the servers. However, the justice minister's report said that the attackers can no longer be reached.
Ransomware attackers used Citrix application vulnerability
Hospital officials confirmed the cyberattack on Twitter on September 17. The thread said that restoration is ongoing after a "security gap in widespread software enabled access." Attackers allegedly exploited the vulnerability discovered in "widespread commercial add-on software." The tweet also noted that there is no evidence that data has been destroyed or that any specific information was fished.
Meanwhile, as the name of the commercial add-on software was not divulged, Dr. Thomas Jaeschke replied to the hospital's tweet: "Then it would make sense to name this additional commercial software when so many other companies are affected!?!" However, the hospital said that it already informed responsible authorities, including the BSI, which is responsible for issuing security warnings.
ZDNet reported that the BSI tweeted a link to the advisory it issued in January, when it warned about CVE-2019-19781, a critical vulnerability in the Citrix application delivery controller. The controller is used to balance inbound application traffic.
Citrix has not yet issued a response after Ars Technica sent an email about the vulnerability and whether it was used in the Duesseldorf hospital attack. On September 16, federal prosecutors said in news reports that CVE-2019-19781 was among several vulnerabilities reportedly used by China-backed hackers to attack game and software developers.
This is not the first time that hospitals were paralyzed by a ransomware attack. In 2019, three hospitals in Alabama were hit by attacks and they allegedly paid the ransom to get the decryption key and restore their systems. Seven hospitals in Australia were also attacked by cybercriminals, but it is not clear whether they also paid the ransom.
This is owned by Tech Times
Written by CJ Robles