According to the state government, the IT failure at the Düsseldorf University Clinic is due to a hacker attack with blackmail.
Science Minister Isabel Pfeiffer-Poensgen (independent) said the perpetrators had withdrawn the blackmail after contacting the police.
The public prosecutor's office is also conducting a death investigation because a patient had to be brought to a Wuppertal hospital - and died.
According to a report by the Justice Minister, 30 servers in the clinic were encrypted last week.
A blackmail letter was left on a server, but it was addressed to Heinrich Heine University in Düsseldorf.
In the letter, the blackmailers asked to be contacted - according to the report, they did not name a specific amount.
The Düsseldorf police then actually made contact and informed the perpetrators that their hacker attack affected a hospital - and not the university.
This puts patients at considerable risk.
The perpetrators then withdrew the extortion and handed over a digital key with which the data can be decrypted again.
According to the report, the investigators therefore suspect that the university clinic was affected by chance.
In the meantime, the perpetrators are no longer available.
Treatment after one hour delay
The public prosecutor's office in Wuppertal is now investigating the death of a life-threatening patient who, according to the report, "should have been brought to the Düsseldorf University Hospital by ambulance service on the night of September 11th, had to be referred to a more distant hospital in Wuppertal." . "
Your treatment could only take place one hour late.
She died a short time later, the Justice Minister said in his report.
A spokesman for the Düsseldorf University Clinic said that his house had already been deregistered from emergency care at this time.
Ambulances would no longer have approached the clinic.
What exactly happened that night was initially unclear.
According to the report to the state parliament, the central and contact point Cybercrime North Rhine-Westphalia (ZAC) is still checking whether it will take over the investigation - and if necessary, the process will be expanded to include accusations of negligent homicide.
No data affected
According to current knowledge, no data was stolen or irretrievably deleted during the hacker attack.
The clinic announced that studies by IT experts had shown that.
The hackers exploited a vulnerability in an application.
"The security gap was in a commercially available and worldwide commercial additional software. Until this gap was finally closed by the software company, there was a sufficient time window to penetrate into the systems," said the clinic.
The attackers would have ensured that gradually systems failed and access to stored data was no longer possible.
A spokesman for the cyber investigation authority ZAC confirmed that the hackers had used a security hole in software that is used by many companies.
The clinic expects it will be some time before patients can be treated normally again.
"Due to the size of the IT system and the abundance of data, we cannot yet estimate when this process will be completed," said the commercial director, Ekkehard Zimmer.
"However, we are confident that we will be able to better estimate the time span in the next few days and that we will be there for our patients again step by step."
Last Thursday, the IT system at the university hospital failed.
Ambulances no longer drove to the large facility in the North Rhine-Westphalian state capital, operations were postponed and planned treatment appointments were canceled.