Originally reported by The Guardian, German prosecutors have opened an investigation into the ransomware attack which resulted in a death, with the anticipated charge of “negligent homicide.” The woman, who is unnamed, was enroute to the hospital in Dusseldorf, with a severe life-threatening emergency. However, because the hospital systems were down as a result of a ransomware attack, she was rerouted to another hospital that was farther away and ended up dying before she could receive treatment. If prosecuted, this would be the first homicide prosecution as a direct result cybercrime.
Analyst Notes
The attackers reportedly gained access to the system through the use of the Citrix VPN vulnerability. Binary Defense recommends that companies still at risk from CVE-2019-19781 either patch servers or follow the mitigation steps in https://support.citrix.com/article/CTX267679, if patching isn’t an option.
To read more, please see: https://www.theguardian.com/technology/2020/sep/18/prosecutors-open-homicide-case-after-cyber-attack-on-german-hospital
