Three hacked German hospitals shut down systems, LockBit suspected


Three hospitals in Germany suffered devastating ransomware attacks in the early morning hours of December 24th, forcing them to shut down their entire IT systems.

The three affected hospitals are Franziskus Hospital in Bielefeld, Sankt Vinzenz Hospital in Rheda-Wiedenbrück, and Mathilden Hospital in Herford, the Catholic Hospital Association of East Westphalia (Katholische Hospitalvereinigung Ostwestfalen, KHO) announced.

An unknown actor gained unauthorized access to the hospitals’ IT systems infrastructure and encrypted the data.

“A preliminary examination revealed that it was likely a cyberattack by LockBit 3.0, the timeline for which cannot yet be predicted,” the KHO statement reads.

For security reasons, all IT systems were shut down that night as soon as the hospitals became aware of the incidents, and “all necessary people and institutions were informed.”

The extent of the damage caused by the incident is not yet clear.

“We immediately established a crisis team that night and began analyzing the situation. Access to all systems was immediately blocked. Thanks to our security systems, patient data is still available for patient treatment,” said Dr. Jan Schlenker, Managing Director of KHO.

He confirmed that patient care is ensured and the clinics are operating with minor technical limitations while backup efforts are in full swing. However, for security reasons, the hospitals have withdrawn from emergency care.

KHO's network of hospitals includes six facilities in Germany, and the company has 3,300 employees.

LockBit 3.0 is ransomware developed by the LockBit ransomware group, which is currently one of the most active threat actors. Also known as LockBit Black, the ransomware is now in its third iteration and is considered more evasive than any previous strain, a US Department of Justice report said.

According to CISA, LockBit implemented a ransomware-as-a-service model, where affiliates are recruited to conduct ransomware attacks using LockBit tools and infrastructure. Due to the large number of unconnected affiliates in the operation, LockBit ransomware attacks vary significantly in observed tactics, techniques, and procedures (TTPs).

The threat actors are said to have executed over 1,400 attacks against victims in the US and around the world, including Asia, Europe, and Africa. The largest LockBit victims include Boeing; the state-owned Industrial and Commercial Bank of China, known as ICBC; one of Australia’s largest port operators, DP World Australia; Allen & Overy; and others.

LockBit was recently observed exploiting the now-patched Citrix zero-day vulnerability in a spate of ransomware attacks.

