The gateway for the attack was an old service account, which had been created ten years ago. Although no longer in use, it was still active. This vulnerability allowed the attackers to import malware into the system, despite an installed firewall and updated antivirus software, as local newspaper the ‘ Wormser Zeitung ’ reports. The account was identified and deactivated two days after the attack, reports German online news Website heise.de , citing Sabine Bätzing-Lichtenthäler (SPD), Minister of Health for Rhineland-Palatinate, who said that the attack was the biggest attack ever on the German healthcare system’s IT infrastructure. A project group has now been formed, tasked with putting forward proposals for improving IT security by the end of the year.
It is not just this incident that proves that companies should not take the risk of a cyberattack lightly. As other cases show, almost anything or anyone is at risk of attack: In July, for example, Apobank was the victim of a large-scale phishing attack. A study by the NCC Group, reported on by haufe.de , for example, highlights that printers and fax machines can also pose potential risks.