DUESSELDORF (Reuters) – German prosecutors opened a homicide investigation on Friday into the case of a patient who died after a hospital in the western city of Duesseldorf was unable to admit her because its systems had been knocked out by a cyber attack.
The female patient, suffering from a life-threatening illness, had to be turned away on the night of Sept. 11 by the city’s University Clinic and died after the ambulance carrying her was diverted to Wuppertal, 30 km (20 miles) away.
Prosecutor Christoph Hebbecker, head of the cybercrime unit in Cologne, said he had opened an investigation into negligent homicide against unknown persons, the Kolner-Stadtanzeiger daily reported. Hebbecker could not be reached for comment.
If the investigation leads to a prosecution, it would be the first confirmed case in which a person has died as the direct consequence of a cyber attack.
The University Clinic in Duesseldorf, capital of Germany’s most populous state of North Rhine-Westphalia, was hit by a ransomware attack on Sept. 10 that penetrated its systems via a flaw in a Citrix VPN system.
The hospital’s IT operations remain affected and it is still unable to admit patients brought in by ambulance, it said on Friday.
Germany’s cyber-security agency, the Federal Office for Information Security, was called in to shore up the hospital’s systems. Its chief, Arne Schoenbohm, said the Citrix flaw had been known about since Dec. 2019 and called on healthcare facilities not to delay IT security upgrades.
“I can only urge you not to ignore or postpone such warnings but to take appropriate action immediately,” Schoenbohm said in a statement. “This incident shows once again how seriously this danger must be taken.”
Ciaran Martin, who stepped down as the head of Britain’s National Cyber Security Centre this month, said the incident could be prove to be first death caused by a cyberattack.
“If confirmed, this tragedy would be the first case I know of, anywhere in the world, where the death of a human life can be linked in any way to a cyberattack,” he told an event in London.
(Reporting by Douglas Busvine and Tom Kaeckenhoff, additional reporting by Jack Stubbs in London, editing by Louise Heavens)
