A ransomware attack on a German hospital delayed treatment for one woman and ultimately led to her death, a state Justice Ministry has suggested. The hospital may not have even been the target of the attack.
Authorities in the German state of North Rhine-Westphalia launched an investigation on Thursday into suspected "negligent homicide" after a ransomware attack crippled a hospital in Düsseldorf.
A woman scheduled for life-saving treatment at the Düsseldorf University Clinic on Friday night had to be redirected to a hospital in Wuppertal roughly 60 kilometers (38 miles) away.
A ransomware cyberattack had forced emergency services to redirect nearly ambulances bound for the Düsseldorf hospital to other medical facilities.
The state Justice Ministry suggested the woman had died as a result of the delay in treatment caused by the ransomware.
Observers have suggested that her death is the first caused by a ransomware attack.
German state authorities said the attack on the hospital was likely unintended. On one of the servers, a note was found requesting that the Heinrich Heine University get in contact with the perpetrators.
"There was no concrete ransom demand," according to the hospital.
About 30 servers were targeted in the attack, which exploited "widely used commercial add-on software."
Independent cybersecurity and privacy researcher Lukasz Olejnik described a "very serious indirect link" between the attack and the woman's death.
"On lethal cyberattacks, there are a lot of uncertainties," said Olejnik in an analysis published last year. "Technically killing with [a] cyber-operation is possible. It would have serious consequences. On the other hand, detection today is not certain."
ls/sms (AP, AFP)