{
	"id": "00b56043-19fe-424c-a05d-e2bfc984630c",
	"created_at": "2026-04-06T00:06:55.235502Z",
	"updated_at": "2026-04-10T13:12:47.302499Z",
	"deleted_at": null,
	"sha1_hash": "41f9f0c2e2beb13f54cf4855682578f3a8f97a57",
	"title": "Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 524057,
	"plain_text": "Europe’s Largest Private Hospital Operator Fresenius Hit by\r\nRansomware\r\nPublished: 2020-05-06 · Archived: 2026-04-05 13:20:46 UTC\r\nFresenius, Europe’s largest private hospital operator and a major provider of dialysis products and services that\r\nare in such high demand thanks to the COVID-19 pandemic, has been hit in a ransomware cyber attack on its\r\ntechnology systems. The company said the incident has limited some of its operations, but that patient care\r\ncontinues.\r\nBased in Germany, the Fresenius Group includes four independent businesses: Fresenius Medical Care, a leading\r\nprovider of care to those suffering from kidney failure; Fresenius Helios, Europe’s largest private hospital\r\noperator (according to the company’s Web site); Fresenius Kabi, which supplies pharmaceutical drugs and\r\nmedical devices; and Fresenius Vamed, which manages healthcare facilities.\r\nOverall, Fresenius employs nearly 300,000 people across more than 100 countries, and is ranked 258th on the\r\nForbes Global 2000. The company provides products and services for dialysis, hospitals, and inpatient and\r\noutpatient care, with nearly 40 percent of the market share for dialysis in the United States. This is worrisome\r\nbecause COVID-19 causes many patients to experience kidney failure, which has led to a shortage of dialysis\r\nmachines and supplies.\r\nOn Tuesday, a KrebsOnSecurity reader who asked to remain anonymous said a relative working for Fresenius\r\nKabi’s U.S. operations reported that computers in his company’s building had been roped off, and that a cyber\r\nattack had affected every part of the company’s operations around the globe.\r\nThe reader said the apparent culprit was the Snake ransomware, a relatively new strain first detailed earlier this\r\nyear that is being used to shake down large businesses, holding their IT systems and data hostage in exchange for\r\npayment in a digital currency such as bitcoin.\r\nhttps://krebsonsecurity.com/2020/05/europes-largest-private-hospital-operator-fresenius-hit-by-ransomware\r\nPage 1 of 3\n\nFresenius spokesperson Matt Kuhn confirmed the company was struggling with a computer virus outbreak.\r\n“I can confirm that Fresenius’ IT security detected a computer virus on company computers,” Kuhn said in a\r\nwritten statement shared with KrebsOnSecurity. “As a precautionary measure in accordance with our security\r\nprotocol drawn up for such cases, steps have been taken to prevent further spread. We have also informed the\r\nrelevant investigating authorities and while some functions within the company are currently limited, patient care\r\ncontinues. Our IT experts are continuing to work on solving the problem as quickly as possible and ensuring that\r\noperations run as smoothly as possible.”\r\nThe assault on Fresenius comes amid increasingly targeted attacks against healthcare providers on the front lines\r\nof responding to the COVID-19 pandemic. In April, the international police organization INTERPOL warned it\r\n“has detected a significant increase in the number of attempted ransomware attacks against key organizations and\r\ninfrastructure engaged in the virus response. Cybercriminals are using ransomware to hold hospitals and medical\r\nservices digitally hostage, preventing them from accessing vital files and systems until a ransom is paid.\r\nOn Tuesday, the Department of Homeland Security‘s Cybersecurity and Infrastructure Security Agency\r\n(CISA) issued an alert along with the U.K.’s National Cyber Security Centre warning that so-called “advanced\r\npersistent threat” groups — state-sponsored hacking teams — are actively targeting organizations involved in both\r\nnational and international COVID-19 responses.\r\n“APT actors frequently target organizations in order to collect bulk personal information, intellectual property, and\r\nintelligence that aligns with national priorities,” the alert reads. “The pandemic has likely raised additional interest\r\nfor APT actors to gather information related to COVID-19. For example, actors may seek to obtain intelligence on\r\nnational and international healthcare policy, or acquire sensitive data on COVID-19-related research.”\r\nOnce considered by many to be isolated extortion attacks, ransomware infestations have become de facto data\r\nbreaches for many victim companies. That’s because some of the more active ransomware gangs have taken to\r\ndownloading reams of data from targets before launching the ransomware inside their systems. Some or all of this\r\ndata is then published on victim-shaming sites set up by the ransomware gangs as a way to pressure victim\r\ncompanies into paying up.\r\nSecurity researchers say the Snake ransomware is somewhat unique in that it seeks to identify IT processes tied to\r\nenterprise management tools and large-scale industrial control systems (ICS), such as production and\r\nmanufacturing networks.\r\nWhile some ransomware groups targeting businesses have publicly pledged not to single out healthcare providers\r\nfor the duration of the pandemic, attacks on medical care facilities have continued nonetheless. In late April,\r\nParkview Medical Center in Pueblo, Colo. was hit in a ransomware attack that reportedly rendered inoperable\r\nthe hospital’s system for storing patient information.\r\nFresenius declined to answer questions about specifics of the attack, saying it does not provide detailed\r\ninformation or comments on IT security matters. It remains unclear whether the company will pay a ransom\r\ndemand to recover from the infection. But if it does so, it may not be the first time: According to my reader\r\nsource, Fresenius paid $1.5 million to resolve a previous ransomware infection.\r\n“This new attack is on a far greater scale, though,” the reader said.\r\nhttps://krebsonsecurity.com/2020/05/europes-largest-private-hospital-operator-fresenius-hit-by-ransomware\r\nPage 2 of 3\n\nUpdate, May 7, 11:44 a.m. ET: Lawrence Abrams over at Bleeping Computer says the attack on Fresenius\r\nappears to be part of a larger campaign by the Snake ransomware crooks that kicked into high gear over the past\r\nfew days. The report notes that Snake also siphons unencrypted files before encrypting computers on a network,\r\nand that victims are given roughly 48 hours to pay up or see their internal files posted online for all to access.\r\nSource: https://krebsonsecurity.com/2020/05/europes-largest-private-hospital-operator-fresenius-hit-by-ransomware\r\nhttps://krebsonsecurity.com/2020/05/europes-largest-private-hospital-operator-fresenius-hit-by-ransomware\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://krebsonsecurity.com/2020/05/europes-largest-private-hospital-operator-fresenius-hit-by-ransomware"
	],
	"report_names": [
		"europes-largest-private-hospital-operator-fresenius-hit-by-ransomware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434015,
	"ts_updated_at": 1775826767,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/41f9f0c2e2beb13f54cf4855682578f3a8f97a57.pdf",
		"text": "https://archive.orkl.eu/41f9f0c2e2beb13f54cf4855682578f3a8f97a57.txt",
		"img": "https://archive.orkl.eu/41f9f0c2e2beb13f54cf4855682578f3a8f97a57.jpg"
	}
}