Düsseldorf University Hospital has become infected with ransomware through a known vulnerability in Citrix. The disrupted systems caused that the hospital could no longer receive ambulances, among other things.
The Ministry of Justice of the German state of North Rhine-Westphalia released a message yesterday that a patient had died as a result of the ransomware attack. The woman should have been taken to hospital by ambulance, but because of the system failure, she had to divert to a more distant hospital, which meant that her treatment came too late.
At the end of January, Citrix released security updates for the vulnerability, which were installed the same day, the hospital said. A bug prevented the set mitigation measure from being applied to all versions. Citrix advised customers to update to a version of the software where the workaround did work. The hospital also announced that the Citrix solution offered did not work.