Patient Death Attributed to Hospital Ransomware Attack

Written by: Richard Sheinis, Esq.

German authorities are investigating the death of a patient following a ransomware attack on a hospital in Germany.  The unknown perpetrators potentially face charges of negligent manslaughter.  Last Friday, a patient in need of urgent medical care was re-routed from the Düsseldorf University Hospital, to a hospital more than 30 kilometers  away.  The Düsseldorf University Hospital was dealing with a ransomware attack and was unable to accept the patient. The patient died.

The ransomware attack was evidently intended for a university.  When police contacted the attackers and told them the attack hit a hospital, the attackers withdrew the ransom demand and provided a decryption key to unlock the affected servers.

This is the first ever reported human death indirectly caused by a ransomware attack.  If such an incident were to occur in the United States, we would likely see a lawsuit on behalf of the patient’s family alleging that negligent computer security by the hospital allowed the ransomware to encrypt the hospital’s computer servers.   This required that the patient be diverted to another healthcare facility, which ultimately caused the patient’s death.  The lesson is that computer security is not just a data issue, it is a patient care issue.

Leave a comment