At Christmas, the IT system of some clinics belonging to the Catholic Hospital Association of East Westphalia was attacked. The cyber attack is attributed to LockBit and, according to the clinic management, paralyzed all systems. However, the treatment of the patients is guaranteed.
According to the Catholic Hospital Association of East Westphalia, the APT group LockBit attacked the IT systems for some of its clinics. These include the hospitals hospitals Franziskus Hospital Bielefeld, Sankt Vinzenz Hospital Rheda-Wiedenbrück and Mathilden Hospital Herford. The individual hospitals inform patients and relatives about the current status. Another three hospitals in the hospital association are not affected by the attack because their IT connections are different. However, the use of the systems was also restricted there.
IT systems shut down after cyber attack
On the morning of December 24th, unknown persons gained access to the hospitals' IT infrastructure systems and specifically encrypted data. An initial check showed that it was probably a cyber attack by Lockbit 3.0, the timeline for which cannot yet be predicted. For security reasons, all systems were shut down immediately after it became known and all necessary people and institutions were informed. There is currently no precise information about the extent of the damage or any claims. The LockBit group's leak page also shows no entry indicating the attack or blackmail. The group doesn't actually attack hospitals. For one The group even apologized for the attack on a children's hospital in Toronto in January 2023 and also offered free decryption.
Treatments and operations should continue
All affected hospitals inform that they have no restrictions on the treatment of patients. Planned operations should not be postponed either. You only want to think about it in very extensive cases. Apparently the IT department had a good emergency plan in place. Because according to Dr. Jan Schlenker, Managing Director of KHO gGmbH, the patient data for treatment is still available through security systems.
This is good news because hospitals provide much of the care for the entire region. The Catholic Hospital Association of East Westphalia is a network of six hospitals: the Franziskus Hospital Bielefeld, the Sankt Elisabeth Hospital Gütersloh, the Sankt Lucia Hospital in Harsewinkel, the Marienhospital Oelde, the Mathilden Hospital Herford and the Sankt Vinzenz Hospital Rheda-Wiedenbrück. All clinics have around 3.300 employees.
LockBit or LockBit Affiliate Partner?
The APT group Lockbit is a Russian-speaking group that operates ransomware-as-a-service. The group first came to prominence in 2019. Since 2020, there has also been an affiliate program for the Lockbit ransomware – RaaS (Ransomware-as-a-Service). In June 2021, Lockbit 2.0 was released, enabling automation of data outflows. The largest attack in 2021 was against Accenture, with six terabytes of data stolen from the consulting firm and $50 million demanded. However, Accenture was able to restore the data from backups. According to many security experts, LockBit is considered the most active group. According to Check Point, 2023 ransomware groups attacked more than 48 victims in the first half of 2.200, with Lockbit3 being very active and causing a 20 percent increase in the number of victims compared to the first half of 2022.
More at KHO.de