An attack on the Duesseldorf University Clinic’s systems has led to what might be the first fatality indirectly resulting from a ransomware attack. Last Thursday, an unidentified hacker used a vulnerability in a “widely used commercial add-on software” to gain access to the hospital’s systems. Systems gradually began going offline and hospital personal were unable to access any information on the network. As a consequence of the attack, many procedures had to be canceled and some patients in need of emergency services had to be rerouted to other hospitals. This rerouting led to the death of a German woman who was unable to get to another hospital in time. A ransom note was left on the hospital’s servers with information on how to get in contact with the ransomware operators, but no demand was made. Police established contact with the ransomware operators, who thought that they were attacking Duesseldorf University and not a hospital. Once the operators were informed that they had endangered hospital patients, they withdrew their demands and provided a decryption key. The hospital’s IT staff have begun recovering the impacted servers to bring systems back online.