German authorities have opened a “negligent homicide” investigation related to a ransomware attack that hit a hospital in Düsseldorf on 10 September, according to local press reports.
The cyber attack caused network outages that forced the clinic to divert patients who needed emergency care to another location.
Christoph Hebbecker, who heads a cybercrime unit at the Cologne prosecutor’s office, said on Friday that the investigation was “justified”, although the circumstances of the woman’s death are still being investigated, reports Kölner Stadt-Anzeiger, another German newspaper. The homicide investigation is in addition to the blackmail and piracy investigations that are already underway.
Some cybersecurity experts have suggested that the death could be the first recorded death related to a ransomware attack. The hospital and prosecutors did not immediately respond to Fortune’s request for comment.
When an ambulance carrying the patient approached the Düsseldorf University Hospital on the night of September 11, it was redirected to a medical care center in Wuppertal, a city 20 miles to the east.
The change of destination is said to have delayed the patient’s receipt of medical care by an hour.
The police are said to have contacted the hackers, who left a blackmail note and persuaded them to provide a digital key that would decrypt the hospital’s 30 infected computer servers. The attackers were allegedly unaware that they had attacked an emergency clinic, German officials said.
The hackers sabotaged the hospital’s IT network through a known flaw in Citrix, a provider of a VPN tool, said Arne Schönbohm, president of the Federal Office for Information Security, Germany’s national cybersecurity agency. The agency was called to help bring the hospital back online.
If the ransomware attack actually caused the death of a patient, even indirectly, the incident could go down in history as the first of its kind.
Ciaran Martin, the former executive director of the UK’s National Center for Cyber Security, told the BBC that the incident was unprecedented.
In a ransomware attack, bandits often demand an extortion payment, usually denominated in a cryptocurrency like Bitcoin.
Hospitals have been affected by a growing number of ransomware attacks in recent years. Although law enforcement agencies advise people not to pay such ransoms as they encourage more crime, sometimes to regain control of computer systems, people do, especially in the medical field where life can be at stake.
Thomas Rid, a professor of strategic studies at Johns Hopkins University, also called for caution.
While some reports have suggested that the hackers, in this case, never intended to destroy a medical clinic (German officials said the hospital could have been accidentally infected), it appears that no armistice is being enforced.
The hospital is still trying to recover its computer systems. “As things stand today, we hope to be able to resume emergency care … within the next week,” Frank Schneider, the clinic’s medical director, said in a statement.