Whatever the intentions, this may have been an avoidable breach. The intruders exploited a known security flaw in Citrix’s VPN software, and Germany’s cybersecurity authority said it warned of the vulnerability in January. It’s nothing new for institutions to fall short on security, but this misstep appears to have been deadly.
If the investigation establishes a connection, it could be one of the first deaths directly linked to a cyberattack, according to former UK security executive Ciaran Martin. If so, the loss might spur hospitals and other critical facilities to tighten security and prevent future tragedies.