After the Nazi scandal with the police in Mühlheim an der Ruhr, Armin Laschet’s (CDU) government in North Rhine-Westphalia is facing the next trouble.
The background to this is the hacker attack on the Düsseldorf University Clinic on Thursday: at 3 a.m., strangers paralyzed the hospital’s servers – with dramatic consequences for patients: Hundreds of treatments and operations had to be postponed due to the IT failure. One patient even died after being referred to a distant hospital in Wuppertal.
Early October 2019 warning letter to Laumann
According to NewsABC.net research, Laschet’s Health Minister Karl-Josef Laumann (CDU) was warned of such a situation a year ago.
The background was that in July hackers had already paralyzed several clinics in Rhineland-Palatinate and Saarland and wanted to extort money in this way. Back then – as it is now in Düsseldorf – the clinic’s servers were encrypted. The perpetrators demanded money in return for the password with which the data could be decrypted again.
The head of the Federal Office for Information Security (BSI), Arne Schönbohm, warned in a letter to Laumann at the beginning of October 2019 that the threat to hospitals in the country was significantly higher. He also pointed out that there was an urgent need to catch up in protecting hospital IT in North Rhine-Westphalia and offered support from the BSI.
The hospital society also warned of dangers to IT security
But according to information from NewsABC.net, Laumann has not responded to the BSI letter to this day. On request, the BSI will confirm a corresponding offer to the state minister. A spokesman for NewsABC.net: “The offer of talks took place against the background of the cyber attacks on the Lukaskrankenhaus in Neuss and on clinics in Rhineland-Palatinate and Saarland, as well as the decision of the minister not to invest in IT in the next two years -Retrieve security from the hospital structure fund. Unfortunately, there has not yet been an opportunity to have such a conversation. “
Warnings from the hospital society in North Rhine-Westphalia that too little money is available to protect the clinic’s IT were also unsuccessful. At that time, the state government provided the clinics with investment funds of 200 million euros, but these were primarily intended to improve performance, and in some cases were intended exclusively for this purpose.
Specifically, the hospital company warned in March 2019: “The hospitals should and want to help shape the path into the digital age, network telemedically and bring their IT security up to date. The necessary investment and operating resources are not made available, however. ”The hospital company has repeatedly issued such warnings in direct discussions with Laumann, the association said on Friday, but they had not been heard.
Apparently another clinic in NRW is currently affected
Laumann’s ministry only reacted after the corona pandemic: In the middle of the year, according to the Ministry of Health, the state government made 750 million euros available, which – according to the spokeswoman – “could” also be “invested in the IT infrastructure”. The federal government is still there: NRW can call up 630 million euros from a three billion euros clinic funding program of the federal government – but under certain conditions: 15 percent of the funds must be used to expand IT security.
The Ministry of Health admits the omission on request. “The Ministry has taken your request as an opportunity to review the process. It was found that, to our regret, there was no response to the letter. The ministry is taking this as an opportunity to contact the BSI, ”said a spokeswoman.
The North Rhine-Westphalian SPD parliamentary group leader Thomas Kutschaty is outraged: “If that should be the case, then Minister Laumann is now in a difficult position. If he did not actually react to the offers of help from the BSI and ignored the hospital society’s call for help, then that was simply irresponsible. ”Apparently, Laumann did not recognize the extent of the problem at all.
“After the attacks on a hospital in Neuss or on the supercomputers at the Jülich Research Center, Laumann should have been made aware and warned,” Kutschaty continues. “Apparently it wasn’t – and that could fall on his feet. Laumann must now do everything possible to rule out recurrence. He mustn’t make it too easy for the hackers either. But to do this, he and his cabinet colleague, Digital Minister Pinkwart, first have to recognize how big the problem actually is. “
How big the problem is now for clinics in North Rhine-Westphalia shows that Düsseldorf is obviously not an isolated case. According to information from NewsABC.net, another clinic in the Ruhr area is currently the victim of an attack.