Is the Düsseldorf cyberattack really the first to result in death?

September 23, 2020, 3:25 PM UTC
Emergency Medical Technicians move a gurney out of the emergency entrance into an ambulance at Mt. Sinai-Beth Israel Hospital amid coronavirus crisis. John Lamparski—SOPA Image/LightRocket/Getty Images
John Lamparski—SOPA Image/LightRocket/Getty Images

German authorities are investigating what may be, as no shortage of media coverage has posited, the world’s first death linked to a cyberattack.

As the reports go: A ransomware-crippled clinic in Düsseldorf, Germany, turned away an ambulance bearing someone in need of emergency care earlier this month. The 78-year-old patient, who was suffering an aortic aneurism, died after being rerouted to another facility. (It is not clear whether quicker medical intervention would have saved her life.)

The incident represents a grievous health-care failure in a year full of them. Yet whenever I read “first,” my journalistic skepticism sensors go blaring. It takes only one example to disprove a supposed first. And as the Old Testament has long instructed humanity, there is nothing new under the sun.

What qualifies as a death linked to a cyberattack? Does the U.S. military blowing up an enemy combatant—or an innocent bystander, for that matter—by remotely detonating an improvised explosive device via hijacked cellular signal count? Or how about if a government—the Communist Party of China, say—kills moles and CIA informants after learning their identities, having hacked the covert communications network by which they communicate? How exactly does one define “cyberattack,” and when can it be said to result in death?

Perhaps one might grant that the Düsseldorf incident represents the first explicitly recorded case of a cyberattack leading to the death of a civilian. But even then, the data appear to indicate otherwise.

A study published last fall in Health Services Research, a health-care journal, suggests that cyberattacks have been killing people for years. The researchers, surveying Department of Health and Human Services records pertaining to more than 3,000 U.S. hospitals between 2012 and 2016, found an uptick in deaths at hospitals that recently suffered data breaches and ransomware attacks.

Hospitals that had been hit with such cyberattacks in the past three years were, on average, 2.7 minutes slower to take patient electrocardiograms—and their patients were 0.36% likelier to die of a heart attack. “Breach remediation efforts were associated with deterioration in timeliness of care and patient outcomes,” the authors concluded, in that jargony, passive voice of institutional science that so effectively disguises tragedy.

The uptick may seem like a small one, but it is real—and devastating. Across the whole health-care system, meager increases in mortality rates have profound impacts. These are people’s lives we’re dealing with; basis points represent parents, siblings, loved ones.

The Düsseldorf hackers are still at large—as are so many other deplorable hospital-extorting cybercriminals. Christoph Hebbecker, head of the cybercrime unit in Cologne, told me his team has opened a negligent homicide investigation and is pursuing leads. “There are no specific persons under investigation right now,” Hebbecker said in an email. “We are investigating in all directions.”

This may not, in actuality, be the first civilian casualty linked to a cyberattack. But it is heartbreaking nonetheless.


Thank you to everyone who wrote in about my Apple Watch dilemma. So many people shared their opinions! The winner of my online poll was, as Aaron alluded to last week, clear: the Apple Watch Series 6. Of course, it is the most expensive option. (You can read Aaron’s review here.)

Now I just have to decide on the finish and wristband…

Robert Hackett

Twitter: @rhhackett


This is a public service announcement. Beware fake news come election time. The Federal Bureau of Investigation and Cybersecurity Infrastructure Authority issued a joint PSA warning Americans that “foreign actors and cybercriminals likely to spread disinformation regarding 2020 election results.” As though on cue, Facebook said it took down a network of China-based fake accounts peddling election falsities. Sadly, foreign trolls’ jobs have gotten easier today as all they have to do is quote the president, the New York Times points out.

‘Shield’ or get off the pot. The associate general counsel of Facebook warned in a Dublin court filing that the company may be unable to continue operations in Europe now that the EU’s top court has struck downprivacy shield,” an international data-sharing agreement. Soon after, Nick Clegg, Facebook’s VP of global affairs and communications (formerly the UK’s deputy Prime Minister), denied the possibility of a pullout. “We of course won’t” shut down in Europe, he said.

A bicycle built for who? A Peloton-rivaling exercise bike appeared on Amazon’s online marketplace as a product exclusively available to Amazon Prime members. Hours after the $500 Prime Bike went on sale, Amazon removed the listing, warning potential buyers that the bike is “not an Amazon product or related to Amazon Prime.” In a since-pulled press release, the company behind the workout device, Echelon, apparently lied, calling the bike “Amazon’s first-ever connected fitness product.”

You're in; you're out. Apple has opened its first online store in India, the world’s fastest-growing smartphone market. The Indian government eased foreign retail rules last year, creating an opening for the iPhone-maker to begin selling its products directly to Indian consumers. Indian fans of embattled TikTok, meanwhile, are mourning the loss of their favorite viral video app, which the government recently banned.

Battery cell? More like battery "sell." Investors were none too pleased by Tesla’s highly anticipated “battery day” event. Shares in the electric carmaker dropped more than 6% after a hoped-for announcement of a million mile-battery failed to materialize. CEO Elon Musk did debut some battery innovations and cheaper overall costs, which Fortune’s David Morris details here; ambitiously, Musk wants to introduce a $25,000 mass market vehicle in three years.

Dispatches from the anarchy jurisdiction.


You're being followed. An investigation by The Markup, a journalism outfit funded by Craig Newmark, the billionaire creator of Craigslist, scanned more than 80,000 of the world’s most popular websites to reveal the pervasiveness of online tracking. Most people probably don't realize just how prevalently third-party trackers glom onto their browsers, or how websites use privacy-thwarting techniques like "fingerprinting" to evade cookie-blockers.

Prepare for an eye-opening read...and an interactive one! You can use Blacklight, the investigative team's custom-made digital endoscope, to do your own research

Zajac was floored when The Markup showed her how many trackers appeared on the site. She said she learned a hard lesson: “If it’s free, that doesn’t mean it’s free. It just means it doesn’t cost money.” Instead, it costs your website visitors’ privacy.  


Microsoft has a solution for work days that blend into home life: a virtual commute by Dina Bass

Tesla lays out path to an electric car cheap enough for most people by David Z. Morris

Facebook users in Illinois can now apply for a privacy payout of up to $400 by Jeff John Roberts

How Microsoft’s Bethesda deal echoes Disney’s Star Wars and Marvel buys by Lucinda Shen

Could “Mindful A.I.” be the key to successful A.I.? by Jeremy Kahn

Instagram’s would-be TikTok killer, Reels, struggles to gain traction by Danielle Abril

(Some of these stories require a subscription to access.Thank you for supporting our journalism.)


In June, Mwazulu Diyabanza, a Congolese activist, livestreamed a tirade against colonial-era cultural theft from the Quai Branly Museum, home to treasures from France’s former colonies. Then he tried to make off with an African artifact—an act he repeated at two other reliquaries. Diyabanza and his associates will stand trial fro attempted theft in Paris on Sept. 30, an event that is likely also to put Europe's history of imperial plunderage on trial.

“The fact that I had to pay my own money to see what had been taken by force, this heritage that belonged back home where I come from—that’s when the decision was made to take action,” Diyabanza said in a recent interview. I hope things end up better than they did for Black Panther villain Erik Killmonger.

Read More

CEO DailyCFO DailyBroadsheetData SheetTerm Sheet