fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Ransomware Attack at German Hospital Leads to Death of Patient

Ransomware Attack at German Hospital Leads to Death of Patient

A person in a life-threatening condition passed away after being forced to go to a more distant hospital due to a ransomware attack.

On September 10th, the Duesseldorf University hospital in Germany suffered a ransomware attack after threat actors exploited a software vulnerability in “a commercial add-on software that is common in the market and used worldwide.”

With their IT systems disrupted, the hospital announced that planned and outpatient treatments and emergency care could not occur at the hospital.

Those seeking emergency care were instead redirected to more distant hospitals for treatment.

Also Read: The Scope of Singapore Privacy: How We Use It In A Right Way

German media reports that the police contacted the ransomware operators via the ransom note instructions and explained that their target was a hospital.

The ransom notes left on the hospital’s encrypted servers were incorrectly addressed to Heinrich Heine University, rather than the hospital itself.

After the police contacted the threat actors and explained that they encrypted a hospital, the ransomware operators withdrew the ransom demand and provided a decryption key.

“The Düsseldorf police then actually made contact and informed the perpetrators that a hospital – and not the university – was affected by their hacking attack. This puts patients at considerable risk. The perpetrators then withdrew the extortion and handed over a digital key with which the data can be decrypted again,” German media NTV reported.

Since receiving the key, the hospital has slowly been restoring systems, and investigations concluded that data was likely not stolen.

Patient dies after forced to go to another hospital

NTV reports that a patient in a life-threatening condition was redirected to a more distant hospital after Duesseldorf University hospital deregistered its emergency services.

This disruption led to the patient receiving care an hour later, which may have led to their death.

Due to the death of the patient, German prosecutors are investigating this attack as a negligent manslaughter.

“Prosecutors launched an investigation against the unknown perpetrators on suspicion of negligent manslaughter because a patient in a life-threatening condition who was supposed to be taken to the hospital last Friday night was sent instead to a hospital in Wuppertal, a roughly 32-kilometer (20-mile) drive. Doctors weren’t able to start treating her for an hour and she died,” AP news reports.

Also Read: The Importance of DPIA And Its 3 Types of Processing

Some ransomware state they won’t attack healthcare

At the beginning of the Coronavirus pandemic, BleepingComputer reached out to different ransomware operations to see if they would continue to attack healthcare and medical organizations.

The CLOP, DoppelPaymer, Maze, and Nefilim ransomware operators stated that they would not target hospitals, and if one was encrypted by mistake, they would provide a free decryption key.

“We always try to avoid hospitals, nursing homes, if it’s some local gov – we always do not touch 911 (only occasionally is possible or due to missconfig in their network). Not only now.”

“If we do it by mistake – we’ll decrypt for free,” the DoppelPaymer ransomware operators told BleepingComputer.

Netwalker also stated that they do not target hospitals, but said that if they encrypted one by accident, the hospital would still need to pay the ransom.

“If someone is encrypted, then he must pay for the decryption,” Netwalker told BleepingComputer.

Even still, after making these promises, we continue to see attackers targeting hospitals without any concern for the health of their victim’s patients.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us