Düsseldorf University Clinic Hit by Ransomware and Patient Dies

Last updated June 23, 2021
Written by:
Bill Toulas
Cybersecurity Journalist

On September 10, 2020, the Düsseldorf University Clinic announced a ransomware attack that paralyzed its operations completely. While existing patients continued to receive care, of course, no new ones were admitted. As a result, every case, even emergencies, was directed elsewhere.

The days passed, but the IT problems remained, and the hospital wasn’t in a position to pay the ransom of 100 Bitcoins demanded by the malicious actors. On September 14, 2020, a spokesman for the clinic told the press that all planned operations had to be postponed, and that all ambulances should take cases to other hospitals.

Unfortunately, one case of a woman in extremely critical condition did reach the clinic yesterday, but the hospital was still unable to treat her and ordered that she be admitted in a nearby city. The patient died during her transport, so this is the first confirmed and direct case of death caused by a ransomware attack.

According to the police, who have been investigating the attack since September 11, 2020, the actors were actually targeting the Düsseldorf university and not its clinic, and this was clear from the ransom note. When the police contacted the hackers and told them about the impact of their actions on the hospital, the crooks gave them the decryption key and stopped all communications.

Even if this was a mistake, it highlights the grave risks associated with locking down IT systems in today’s world. On the other hand, the event underlines the problems that arise from our over-reliance on computers and cloud networks. A hospital should be able to accept and treat emergencies even if all it has is doctors and nurses, but of course, we are not putting the blame on them.

A study conducted back in November 2019 quantified the increased risk of death due to cyber-attacks. According to the findings of that study, 8% of the UK hospitals that suffered a cyber-attack had to divert emergency cases to other hospitals. Even for patients who were admitted to the affected clinics, care was delayed by an average of 2.7 minutes, which can sometimes make the difference between life and death. It is crystal clear that ransomware attacks on hospitals increase the mortality rate of patients.

As we are now going through a second infection wave of COVID-19, intensive care units are already overwhelmed, and doctors are entering the realm of chronic fatigue. Ransomware attacks are the last thing these institutions need, but unfortunately, stopping them is up to the hackers and their ethical compass. In this case, the person’s death appears to be “collateral damage”, so not only do ransomware actors need to be ethical, but they also need to be careful.


