Cyberangreb på tysk universitetshospital førte til død og internationale efterforskning
The Attack on Universitätsklinikum Düsseldorf
On September 10, 2020, Universitätsklinikum Düsseldorf (UKD), one of the Rhineland's leading university hospitals, was subjected to a massive ransomware attack. The attack was later attributed to the cybercriminal group Netwalker, known for targeting organizations with high financial capacity to pay ransoms. The attack presented Germany with an unprecedented security crisis within the healthcare sector and drew attention from both national and international security authorities.
The Course and Cost of the Attack
Ransomware-Angriff beginnt
Das Universitätsklinikum Düsseldorf wird von der Netwalker-Ransomware attackiert. Die Hackergruppe verschlüsselt kritische Krankenhaussysteme und fordert Lösegeld.
Systemausfall und Patientenabweisung
Die elektronischen Systeme des Krankenhauses sind komplett lahmgelegt. Die Notaufnahme muss Patienten abweisen, Operationen werden abgesagt. Eine 78-jährige Frau stirbt, nachdem sie abgewiesen wurde.
Krisenstab wird aktiviert
Die Deutsche Telekom und das BSI (Bundesamt für Sicherheit in der Informationstechnik) werden zur Unterstützung bei der Systemwiederherstellung hinzugezogen.
Lösegeldforderung wird bekannt
Die Netwalker-Gruppe bestätigt ihre Forderung von rund 2,5 Millionen Euro für die Entschlüsselung der Krankenhausdaten.
Polizei startet Ermittlungen
Bundes- und Landesbehörden nehmen formell die Ermittlungen wegen schwerer Cyberkriminalität auf.
Neue Sicherheitsrichtlinien werden eingeführt
Deutschland führt verschärfte Cybersicherheitsgesetze ein und stellt mehr Ressourcen zum Schutz kritischer Infrastruktur bereit.
Netwalker-Gruppenmitglieder verhaftet
Internationale Polizeikräfte nehmen mehrere Personen fest, die mit der Netwalker-Gruppe in Verbindung stehen und für diesen und andere Cyberangriffe verantwortlich gemacht werden.
Hackers infiltrated the hospital's IT systems and encrypted critical data. As with a typical ransomware attack, the perpetrators demanded a ransom—in this case approximately 19 million Danish kroner—in exchange for decrypting the systems. The hospital was forced to shut down parts of its operational capacity, as doctors and nurses could not access electronic patient records and other vital medical systems.
Particularly tragic about the attack was that it had direct consequences for patient care. A 78-year-old woman who was scheduled to undergo cancer treatment was turned away and died shortly thereafter from a stroke. Although no direct causal link could be established, her death was nonetheless connected to the attack in media coverage, and questions were raised about the hospital's crisis management and preparedness for handling cyberattacks.
Response and Investigation
Deutsche Telekom and German cybersecurity authorities were called in to assist with system recovery. Cyberattacks on the healthcare sector quickly became a priority investigation. The attack drew political interest at the highest level, as it revealed Germany's vulnerability to cyberterrorism targeting critical infrastructure.
The Netwalker group, which claimed responsibility, was previously known for attacking companies worldwide. The group typically operated by stealing sensitive data before encryption—a double extortion tactic in which they threatened to publicly release data if the ransom was not paid. UKD was therefore under double pressure: both system restoration and data protection.
Security Implications
The attack on UKD became a wake-up call for both German and European critical infrastructure. The hospital had followed standard cybersecurity procedures, but the hackers were sophisticated enough to bypass them. Ransomware attacks on hospitals subsequently became the subject of intensive focus from security authorities.
Legal Follow-up
In the years following the attack, several individuals linked to the Netwalker group were identified and charged in various countries. The attack did not result in convictions directly tied specifically to the UKD attack, but it contributed to international efforts against organized cybercrime.
The German Justice Ministry used the case as evidence for the need for stricter cybersecurity legislation and increased resources for digital investigation. In 2021, new guidelines were introduced for the protection of critical infrastructure in Germany.
Aftermath
The 2020 UKD attack remains one of the most serious cyberattacks on European healthcare and serves as a historical example of the ransomware threat to critical infrastructure. The hospital eventually restored its systems, but the attack left deep marks on the debate about digitalization, cybersecurity, and the state's responsibility for protecting essential societal functions.
The case also illustrates an important legal complexity: even when perpetrators are identified (as with the Netwalker group), prosecution can be difficult when they operate from jurisdictions without extradition agreements with Western countries. This became a central theme in international cybersecurity cooperation after 2020.