Lockbit ransomware disrupts emergency care at German hospitals

German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) has confirmed that recent service disruptions at three hospitals were caused by a Lockbit ransomware attack.

The attack occurred on Saturday in the early morning of December 24, 2023. It severely impacted the systems that support the operations of three hospitals in Bielefeld, Rheda-Wiedenbrück, and Herford, Germany.

"Unknown actors have gained access to the systems of the IT infrastructure of the hospitals and have encrypted data," reads the machine-translated announcement from the hospital.

"A first test showed that it is probably a cyberattack by Lockbit 3.0, the resolution time of which is currently unforeseeable."

"For security reasons, all systems were shut down immediately upon discovery, and all necessary parties and institutions were informed."

At this time, investigations are underway, and the extent of the damage and if the attackers stole data haven't been determined yet.

The following three hospitals, which KHO operates, have been impacted by the cyberattack:

1. Franziskus Hospital Bielefeld – 614 beds, ten specialist departments, 390 doctors and staff
2. Sankt Vinzenz Hospital Rheda-Wiedenbrück – 614 beds, five specialist departments, 200 doctors and staff
3. Mathilden Hospital Herford – 614 beds, eight specialist departments, 230 doctors and staff

The above hospitals play a critical role in providing healthcare services in their respective locations, so a cyberattack impacting their IT systems could have dire repercussions for people in medical emergencies.

KHO's announcement clarifies that patient treatment continues as normal in the impacted hospitals, and all clinic operations remain available, albeit with some technical restrictions. Essential patient information remains accessible through the successful restoration of backups.

However, emergency care is unavailable in the three KHO hospitals, so people urgently needing medical care are diverted elsewhere, possibly resulting in critical delays.

At the time of writing, the Lockbit ransomware gang hasn't added KHO to its extortion portal on the dark web, so whether or not the cybercriminals stole patient data or other sensitive information hasn't been determined yet.