{
	"id": "ce41d761-c8e5-4bdd-9136-5e8bcc6d6389",
	"created_at": "2026-04-06T00:06:50.3904Z",
	"updated_at": "2026-04-10T03:21:05.00169Z",
	"deleted_at": null,
	"sha1_hash": "8fc07fad6e8097dee8e7604d49f5d44ec4c34433",
	"title": "Lockbit ransomware disrupts emergency care at German hospitals",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2143362,
	"plain_text": "Lockbit ransomware disrupts emergency care at German hospitals\r\nBy Bill Toulas\r\nPublished: 2023-12-27 · Archived: 2026-04-05 20:24:31 UTC\r\nGerman hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) has confirmed that recent service\r\ndisruptions at three hospitals were caused by a Lockbit ransomware attack.\r\nThe attack occurred on Saturday in the early morning of December 24, 2023. It severely impacted the systems that support\r\nthe operations of three hospitals in Bielefeld, Rheda-Wiedenbrück, and Herford, Germany.\r\n\"Unknown actors have gained access to the systems of the IT infrastructure of the hospitals and have encrypted data,\" reads\r\nthe machine-translated announcement from the hospital.\r\nhttps://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupts-emergency-care-at-german-hospitals/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupts-emergency-care-at-german-hospitals/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\n\"A first test showed that it is probably a cyberattack by Lockbit 3.0, the resolution time of which is currently unforeseeable.\"\r\n\"For security reasons, all systems were shut down immediately upon discovery, and all necessary parties and institutions\r\nwere informed.\"\r\nAt this time, investigations are underway, and the extent of the damage and if the attackers stole data haven't been\r\ndetermined yet.\r\nThe following three hospitals, which KHO operates, have been impacted by the cyberattack:\r\n1. Franziskus Hospital Bielefeld – 614 beds, ten specialist departments, 390 doctors and staff\r\n2. Sankt Vinzenz Hospital Rheda-Wiedenbrück – 614 beds, five specialist departments, 200 doctors and staff\r\n3. Mathilden Hospital Herford – 614 beds, eight specialist departments, 230 doctors and staff\r\nThe above hospitals play a critical role in providing healthcare services in their respective locations, so a cyberattack\r\nimpacting their IT systems could have dire repercussions for people in medical emergencies.\r\nKHO's announcement clarifies that patient treatment continues as normal in the impacted hospitals, and all clinic operations\r\nremain available, albeit with some technical restrictions. Essential patient information remains accessible through the\r\nsuccessful restoration of backups.\r\nHowever, emergency care is unavailable in the three KHO hospitals, so people urgently needing medical care are diverted\r\nelsewhere, possibly resulting in critical delays.\r\nAt the time of writing, the Lockbit ransomware gang hasn't added KHO to its extortion portal on the dark web, so whether\r\nor not the cybercriminals stole patient data or other sensitive information hasn't been determined yet.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nhttps://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupts-emergency-care-at-german-hospitals/\r\nPage 3 of 4\n\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupts-emergency-care-at-german-hospitals/\r\nhttps://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupts-emergency-care-at-german-hospitals/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupts-emergency-care-at-german-hospitals/"
	],
	"report_names": [
		"lockbit-ransomware-disrupts-emergency-care-at-german-hospitals"
	],
	"threat_actors": [
		{
			"id": "75108fc1-7f6a-450e-b024-10284f3f62bb",
			"created_at": "2024-11-01T02:00:52.756877Z",
			"updated_at": "2026-04-10T02:00:05.273746Z",
			"deleted_at": null,
			"main_name": "Play",
			"aliases": null,
			"source_name": "MITRE:Play",
			"tools": [
				"Nltest",
				"AdFind",
				"PsExec",
				"Wevtutil",
				"Cobalt Strike",
				"Playcrypt",
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434010,
	"ts_updated_at": 1775791265,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8fc07fad6e8097dee8e7604d49f5d44ec4c34433.pdf",
		"text": "https://archive.orkl.eu/8fc07fad6e8097dee8e7604d49f5d44ec4c34433.txt",
		"img": "https://archive.orkl.eu/8fc07fad6e8097dee8e7604d49f5d44ec4c34433.jpg"
	}
}