As German authorities are investigating the death of a patient indirectly caused by a ransomware attack, it’s time to take a look at our organizations’ security systems and ask ourselves: are we doing enough to protect our vital data?
As ZDNet reports, the Duesseldorf University Clinic was unable to receive a patient because it was in the midst of dealing with a ransomware attack that had hit its network. The patient died after being re-routed to another hospital, more than 30 km away. The ransomware attack on the Duesseldorf University Clinic occurred on September 10th. According to Associated Press, the hospital’s systems gradually crashed and the hospital wasn’t able to access data. As a result, many surgeries were postponed and emergency patients were taken elsewhere. Although the investigation later showed that the attack was aimed at the local university and not at the hospital itself, and the hackers soon provided the decryption key, the damage was done and a human life cannot be brought back.
Hospital officials claim the ransomware attack was made possible by weak cybersecurity measures: a vulnerability in widely used commercial software gave the hackers a good entry point. Unfortunately, this is just another grim example of how weak cybersecurity practices can affect the work of organizations and businesses. The damage can be enormous, even if vital data is blocked for just a few days. In cases such as this one, where human life is in danger, we can talk about minutes.
Learn smart, not hard
The bad news is that this is not an isolated case, but a very common problem. Many enterprises learn the hard way about the necessity of additional safety measures and detailed cybersecurity training for their teams. So, instead of relying on one type of commercial software, we should add more layers of protection: regular backups, stronger password policies (or even abandoning passwords entirely for more secure types of authentication), and, most important, staying up to date on cybersecurity trends and keeping employees informed about the old and new dangers that lurk online. It’s easier and cheaper than fixing the damage and paying for the recovery efforts. As we can see from this case, the damage can be far greater than just financial losses.