German authorities probing a cyber attack on a hospital’s IT system that led to a fatal delay in treatment for a critically ill woman believe the software used can be traced back to Russian hackers.
In an update to lawmakers published on Tuesday, prosecutors wrote that hackers used malware known as “Doppelpaymer” to disable computers at Duesseldorf University Hospital on September 10, aiming to encrypt data and then demand payment to unlock it again.
The same ransomware has been used in cyber attacks around the world carried out “by a group of hackers that, according to private security firms, is based in Russia”, the report said.
The attack saw the hospital’s computer system become disconnected from the ambulance network.
A severely ill woman was therefore admitted to a hospital further away in Wuppertal and died shortly afterwards.
The longer distance that the ambulance had to travel led to an hour’s delay before medical staff were able to treat her.
Cologne prosecutors last week opened an investigation into involuntary manslaughter against unknown suspects over the woman’s death.
If charges are brought, it would be a rare case of a hacking with deadly consequences.
Investigators suspect that the hackers had not meant to hit the hospital, with the actual target thought to have been the affiliated Heinrich Heine University in Duesseldorf.
Local police were able to contact the hackers during the attack to tell them patients’ lives were at risk, prompting the hackers to hand over a decryption key before breaking off communication.
Germany has seen several hacker attacks on research and higher education institutions in recent months, including the University of Giessen, the University of Cologne and the Ruhr University Bochum.
The German government has in recent years blamed Russia for several high-profile attempts by hackers to spy on lawmakers or leading politicians, including Chancellor Angela Merkel.