In a recent incident, the Katholische Hospitalvereinigung Ostwestfalen (KHO) network, a German hospital group, has confirmed that three of its hospitals faced severe service disruptions due to a Lockbit ransomware attack.
The attack unfolded in the early morning of December 24, 2023, impacting the operational systems of three hospitals located in Bielefeld, Rheda-Wiedenbrück, and Herford, Germany.
According to a translated statement from the hospital, "Unknown actors gained access to the IT infrastructure systems of the hospitals and encrypted data. A preliminary assessment indicates a likely cyberattack by Lockbit 3.0, with an unpredictable resolution time."As a precautionary measure, all systems were immediately shut down upon discovery, and relevant parties and institutions were promptly notified.
Investigations are currently underway to determine the extent of the damage and whether any data was stolen during the cyberattack.The three affected hospitals, operated by KHO, include:
Franziskus Hospital Bielefeld – 614 beds, ten specialist departments, 390 doctors and staff
Sankt Vinzenz Hospital Rheda-Wiedenbrück – 614 beds, five specialist departments, 200 doctors and staff
Mathilden Hospital Herford – 614 beds, eight specialist departments, 230 doctors and staff
These hospitals play a crucial role in providing healthcare services in their respective areas. A cyberattack on their IT systems raises concerns about potential repercussions for individuals in medical emergencies.
KHO's announcement assures that patient treatment continues as usual in the affected hospitals, with clinic operations available, albeit with some technical limitations. Essential patient information remains accessible due to the successful restoration of backups.However, emergency care services are currently unavailable in the three KHO hospitals. Individuals requiring urgent medical attention are being redirected elsewhere, potentially leading to critical delays.
As of the latest update, the Lockbit ransomware gang has not added KHO to its extortion portal on the dark web. The determination of whether the cybercriminals stole patient data or other sensitive information remains pending. Ongoing investigations aim to shed light on the full scope of the incident.
Stay ahead of the wave