Though it’s common knowledge that ransomware attacks can be crippling, recent evidence shows they can even be deadly.

The real-world consequences of just how devastating ransomware attacks can be were made explicit when a ransomware attack on a hospital resulted in the death of a patient in critical condition.

What happened?

Earlier this week, hackers targeted the systems at University Hospital Düsseldorf in Germany, in an attack which effectively “crippled the entire IT network of the hospital,” according to Computer Bild. Though the hospital’s phone system was restored after a few days, other systems remained inoperable.

As a result, the hospital had to halt all surgeries due to lack of power and began rerouting ambulances to another nearby hospital. Unfortunately, one patient in critical condition was transported to the hospital in an ambulance shortly after the attack hit. Unable to receive care there, the patient was then sent to another hospital – but by the time he got there, it was too late.

It is thought to be the first instance of a human casualty resulting from a ransomware attack.

On top of it all, the hospital must now contend with the specter of compromised patient data.

After German authorities reached out to the attacks with a decryption appeal, the attackers did send the key – but clearly, it wasn’t soon enough.

Experts believe that this attack was intended to affect the affiliated university, not the hospital itself. In light of larger trends, this hypothesis seems viable, considering attacks on the health care sector comprise a relatively small percentage (5.3%)  of ransomware attacks. And just a few months ago, a cadre of notorious cyber gangs signed a pledge to stop targeting the health care sector.

How does ransomware work?

Ransomware attacks involve the unauthorized seizure of private data, subsequently followed by a threat that usually takes one of two forms. Ransom artists may encrypt your website’s data – thus making it unusable – demanding a ransom be paid in order to decrypt the data. Or, in more recent developments, ransom artists may access private data and download it in file form, threatening to release it publicly unless a ransom is paid.

Government authorities consistently advise against caving to ransomware demands – but the problem is that doing so leads to results the vast majority of the time. According to Coveware, last year “98% of companies that paid the ransom received a working decryption tool.” Furthermore, “victims who paid for a decryptor successfully decrypted 97% of their encrypted data.”

What’s the best way to protect yourself against ransomware attacks? Prevent them. Get regular software updates, provide security training to employees, have data backup systems in place, and even consider simulating a cyberattack to identify your weaknesses.