(Reuters) – German prosecutors launched a murder investigation on Friday into the case of a patient who died after a hospital in the western city of Düsseldorf could not recognize her because its system had been disrupted by a cyber attack.  The female patient, who suffers from a life-threatening illness, had to be rejected on the night of September 11 by the city's university clinic and died after the ambulance carrying her was diverted to Wuppertal, 200 km away.
Prosecutor Christoph Hebbecker, head of the cybercrime unit in Cologne, said he had launched an investigation into the negligent murder of unknown individuals, the Kolner-Stadtanzeiger newspaper reported. Hebbecker could not be reached for comment.
If the investigation leads to prosecution, it would be the first confirmed case where a person has died as a direct result of a cyber attack.
The University Hospital of Düsseldorf, the capital of Germany's most populous state in North Rhine-Westphalia, was hit by a ransomware attack on September 1
The hospital's IT operations are still affected and it can still not recognize patients who were brought in by ambulance, it said on Friday.
Germany's cyber security agency, the Federal Office for Information Security, was called in to support the hospital's system. Its head, Arne Schoenbohm, said the Citrix shortage had been known since December 2019 and urged healthcare facilities not to delay IT security upgrades.
"I can only urge you not to ignore or postpone such warnings without taking appropriate action immediately," Schoenbohm said in a statement. "This incident shows once again how serious this danger must be."
Ciaran Martin, who resigned as head of Britain's National Cyber Security Center this month, said the incident could prove to be the first death caused by a cyber attack.
"If this is confirmed, this tragedy would be the first case I know of, anywhere in the world, where the death of a human life can in any way be linked to a cyber attack," he said of an incident in London.