clinic compromised by cyber criminals

Düsseldorf university clinic compromised by cyber criminals

According to the BSI report "The State of IT Security in Germany 2019", the number of reported IT security incidents in the KRITIS Health Sector was in third place with 47 reported IT security incidents in the reporting period.

Since medical facilities are particularly vulnerable to security threats due to their open network architectures and simply because of the large number of users, it needs special attention to network security and data transmission. Access to information via private mobile devices must remain verifiable and be secured by appropriate encryption technologies such as VPN. In addition, you need to be compliant with legal regulations such as GDPR and KRITIS and industry standards such as the B3S (in Germany).

Complete failure of the IT at the University Hospital in Düsseldorf

The fact that IT security in hospitals and the health care system in general is of essential importance is shown not least by the recent incidents surrounding the failure of the entire IT at the University Hospital in Düsseldorf. A few days ago, 30 servers of the university hospital had been encrypted and an extortion letter had been transmitted. The background to the IT failure was ransomware, which is often infiltrated into end devices via spam e-mails, infected removable drives, hacked or compromised websites or even hidden in legitimate software bundles.

The spicy thing about this case: Apparently, the blackmail letter was delivered to the Heinrich Heine University in Düsseldorf, so it is assumed that the university hospital was not the intended target of the attack. Allegedly, the blackmailers had withdrawn their blackmailing after the Düsseldorf police had contacted them and informed them that the welfare of the patients was at considerable risk. After the IT system of the university hospital of the capital of North Rhine-Westphalia failed, the building could no longer be accessed by ambulances and rescue services.

The fact that the hospital could be attacked at all was due to a suspected security gap in an application. Until this could be closed by a patch, the attackers already had enough time to penetrate the hospital systems and encrypt data access.

Application protection in healthcare

IT security gaps in healthcare applications can have devastating consequences. The more web applications are used, the higher the potential threat to those that are accessed via the web and are therefore vulnerable to external attacks.

Ransomware infects healthcare infrastructures repeatedly, because in 24/7 hospital operations it is very difficult to keep software infrastructure up-to-date or even to get a possible downtime slot. Computers running legacy software that only runs under special operating systems or driver versions are also an easy target. Added to this are the often obsolete devices that can hardly be updated and thus act as a reservoir for malware that is distributed in the network.

The more areas within a hospital are optimized by IT systems, the more they become potential targets for attack. In recent years, hospitals around the world are targets because hackers do not stop at the healthcare sector. However, only future-proof, proactive, state-of-the-art cybersecurity solutions can guarantee functioning healthcare services and secure, networked hospital operations. We have summarized how this can be achieved in IT security in the healthcare sector.

After being contacted by the police in Düsseldorf, the blackmailers transmitted a digital key to decrypt the data. Now the responsible public prosecutor's office is investigating for negligent homicide, as an emergency admission could not be made and a patient died.






我同意,在网站Imprint中提到的Rohde & Schwarz GmbH & Co. KG和罗德与施瓦茨实体及分支机构 可出于营销和广告之目的(例如提供特价优惠和折扣促销信息)而通过选定渠道(电子邮件或邮政信件)与我联系并提供相关信息,包括但不限于测试与测量、安全通信、监测与网络测试、广播电视与媒体以及网络安全领域的产品和解决方案相关信息


您可以随时发送电子邮件至 撤销此同意声明,邮件主题注明“Unsubscribe”即可。此外,我们发送给您的每一封电子邮件中都含有电子邮件取消订阅链接。有关个人数据使用和撤销程序的详情,请参阅“隐私声明”

An error is occurred, please try it again later.