Medical superbugs: Two German hospitals hit with ransomware

Share this…

Infection forces patients onto phones and medicos onto faxes.

At least two hospitals in Germany have come under attack from ransomware, according to local reports. The alarming incidents follow similar ransomware problems at the US Hollywood Presbyterian Medical Center.

Both the Lukas Hospital in Germany’s western city of Neuss and the Klinikum Arnsberg hospital in the German state of North Rhine-Westphalia were attacked by file encrypting ransomware, Deutsche Welle reports.

The German broadcaster details how swift action at he Lukas Hospital contained the problem. Techies responded to unusual pop-up warnings on systems combined with the network running slowly two weeks ago by pulling the plug. This stopped the malware spreading more widely.

Even so, the spread caused considerable damage and general inconvenience even though the hospital kept backups and only a few hours of data had been lost.

“Our IT department quickly realised that we caught malware that encrypts data,” spokesperson Dr. Andreas Kremer told DW. “So if the X-ray system wants to access system data, it failed to find it because it’s been encrypted, so it displays an error message.”

Medical superbugs: Two German hospitals hit with ransomware

Email was also affected. Technical staff estimate it may take weeks to return electronic systems to normal. In the meantime patients are being advised to phone if they have questions about appointments or other queries. Staff are back to using pen and paper, exchanging patient reports using faxes (’90s communication technology). Some high risk surgeries have been postponed because of security concerns but more than four in five operations are taking place as scheduled.

The Klinikum Arnsberg was also hit by ransomware, thought to have entered systems after staff opened a booby-trapped email attachment. Staffers detected the malware on one of the hospital’s 200 servers before pulling the plug, DW reports.. Recovery simply involved restoring files on the single affected server from backups.

Ransomware encrypts data before demand payment from victims for the private key generally necessary to decrypt files. The well developed scam relies on tricking victims either to open dodgy emails of victims or to visit malign websites running malicious code designed to push malware onto the systems of visiting surfers. The fraud is mostly opportunistic, affecting businesses and home users alike.

Since the start of the month a small number of hospitals around the world have emerged as victims of the scam. For example, a Hollywood hospital paid about $17,000 in Bicoins to cybercriminals following a seemingly similar ransomware infection earlier this month.

“The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” Hollywood Presbyterian Medical Center’s president Allen Stefanek said in a statement, AP reports.

Neither of the German hospitals appear to have paid out. The Lukas Hospital has reported the matter to the authorities.

Police will have their work cut out in bringing crooks to justice. Aside from the problem of tracing the BitCoin transactions, many ransomware scams are run by crooks in either Russia or the Ukraine.