Você está aqui: Página Inicial / Blog / Ransomware in the Hospital: When a Cyber Attack Causes Physical Harm

Ransomware in the Hospital: When a Cyber Attack Causes Physical Harm

Because of his profession, Lenda occasionally finds himself obliged to write stories about cybercrimes. However, he never thought about delving into the subject, preferring to focus on more “traditional” editorials. After he was diagnosed with a serious illness and was hospitalized, his own life was put at risk when a gang of criminals invaded the systems of the institution where he was being treated.

The reporter learned the hard way that hospitals are not usually ready for this kind of problem. Most hospital equipment used today — including that responsible for meeting critical needs and monitoring patients' vital signs — is connected to the Internet and operated remotely by experts in the field.

Obviously, it is crucial that systems work well so that electronic medical records can be moved as quickly as needed. And that's exactly why, when the hospital's computers were hijacked by ransomware, the systems stopped working — including the machines that were keeping Lenda alive. These were hours of terror, agony and uncertainty.

For a safer world

 hospital had no backups. Lenda only survived because the institution decided to pay the ransom to save the hundreds of lives that were in danger. After that day, he vowed to do everything in his power to prevent this type of incident from happening again — and if there's one thing that everyone at Hackers Rangers knows well, it's that users are the front line of protection against such threats.

Most of the time, ransomware is distributed through phishing campaigns, which are fake emails designed to trick Internet users to convince them to open a malicious attachment or to click on a suspicious link. In a few seconds, the virus infects the machine and spreads throughout the corporate network.

Between real and virtual

Recently, a tragic case made headlines in major newspapers around the globe: A woman died as a result of a cybercriminal attack on a hospital in Germany. The healthcare institution was the victim of ransomware — a type of malware that hijacks computers and demands a ransom to release them — and, as a result, it had to pause most of its emergency care.

The case took place at Düsseldorf University Hospital, and the victim, who was scheduled for a critical procedure that could save her life, had to be urgently relocated to another hospital 30 kilometers away. She did not resist the trip and died. This is the first time that ransomware was directly attributed to the death of a person, which proves that the boundaries between the virtual and the physical have become increasingly blurred.

Article originally written in Portuguese by Perallis Security Content Team: Ransomware no hospital: quando um ataque cibernético causa danos físicos — Perallis Security