German hospitals experience disruption in emergency care due to the Lockbit ransomware

The German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) has verified that the recent delays in operations at three hospitals were a result of a Lockbit ransomware assault.

The attack took place on Saturday during the early hours of December 24, 2023. The incident had a significant impact on the infrastructure that facilitates the functioning of three hospitals located in Bielefeld, Rheda-Wiedenbrück, and Herford, Germany.

The hospital’s release states that unauthorized individuals have successfully infiltrated the IT infrastructure systems of the hospitals and have employed encryption techniques to secure the data.

“Initial testing indicates that the incident is likely a cyberattack carried out by Lockbit 3.0. The duration of time required to resolve this issue is currently unknown.”

“Upon detection, all systems were promptly deactivated for security purposes, and relevant parties and institutions were duly notified.”

Currently, investigations are in progress to ascertain the magnitude of the harm and whether the attackers have successfully pilfered any data.

The cyberattack has affected the three hospitals currently under the operation of KHO:

The Franziskus Hospital in Bielefeld has a capacity of 614 beds and is equipped with eleven specialized departments. It employs a total of 390 doctors and other members.
The Sankt Vinzenz Hospital in Rheda-Wiedenbrück has a total of 614 beds and is comprised of five specialized departments. The hospital is staffed by 200 doctors and other medical professionals.
The Mathilden Hospital in Herford has a capacity of 614 beds and consists of eight specialized departments. It is staffed by a team of 230 doctors and other medical professionals.

The aforementioned hospitals play a key role in delivering healthcare services in their respective areas, hence a cyberattack affecting their IT systems could have severe consequences for individuals in urgent medical situations.

The notice from KHO provides clarification that patient treatment is ongoing without interruption in the affected hospitals, and all clinic procedures are still accessible, although there may be certain technical limitations. The restoration of backups ensures that crucial patient information remains easily accessible.

Regrettably, the three KHO hospitals lack the capability to provide emergency care, leading to the redirection of those in urgent need of medical attention to other facilities, potentially causing significant delays.

Currently, the Lockbit ransomware group has not included KHO in their blackmail platform on the dark web. Therefore, it remains uncertain whether the thieves have obtained patient data or any other confidential information.