Ransomware may have been the cause of death of a patient in Dusseldorf. A ransomware attack on thirty servers at the Dusseldorf University hospital on September 9, 2020 prevented immediate emergency treatment. As a result, the patient had to be transported to a facility 20 miles away, where she died as a result of the delay in treatment.
As a result, prosecutors in Germany have initiated a negligent homicide investigation. If the cyber attack is found to be the direct cause of death, the investigation will be changed to a murder case.
Breach May Have Been Avoidable
Initial findings indicate that this cyber event may have been avoidable. The hackers gained access through a security flaw in Citrix’s VPN software that dated back to January of 2020. Apparently the Dusseldorf University was not the intended target of the hackers. It was reported that they provided a ransomware decryption key for free to the institution.
The Costs of Cyber Crime
Much has been reported on the enormous costs of cyber crime. The FBI Internet Crime Complaint Center reported that cyber crime costs to the public and private sectors in the United States were over 10 billion dollars.
The real costs, however, cannot be assigned monetary amounts. The real value of private and proprietary data is an unknown quantity. The resources necessary to respond to a cyber incident and the requisite anguish and anxiety generated are likewise difficult parameters to assign costs to.
The Larger Picture of Cyber Vulnerability
Institutions of all sizes are vulnerable to cyber attacks. Medical facilities have been major targets internationally, especially since the Covid pandemic. These attacks have targeted not only hospitals but also pharmaceutical and medical research organizations.
In this incident ransomware was a possible cause of death for a single unfortunate person. However, when these organizations’ activities are disrupted all of our lives are threatened.
Infrastructure is also a target of cyber attacks. Industrial sites are reliant on technology other than computer systems. Unfortunately, much of the technology in place is composed of legacy systems with little or no IT support.
Additionally, these facilities require security for devices spread across large sites where access by unauthorized persons is difficult to control. Again, lives are threatened when providers of essential goods and services are disrupted.
The United States and its allies are under constant attack from cyber criminals and hostile nation states including China, Russia, North Korea, and Iran. These attacks threaten governmental agencies, the military, and the defense industry. Numerous responses have been taken, including the formation of the Cybersecurity and Infrastructure Security Agency (CISA) and the implementation of Cybersecurity Maturity Model Certification (CMMC).
Cybersecurity Approached Responsibly
Institutions, organizations, businesses, and governments must all be responsible players in cybersecurity. Effective cybersecurity practice for these entities requires appropriately developed Information Security Management Systems (ISMS) to identify risks, develop requisite processes and procedures, and maintain effective incident responses to deal with cyber crime.
CVG Strategy is committed to helping businesses achieve these goals. We can help your organization with ISO 27001, NIST 800-171, and CMMC.