Fresenius Hospital Operator Suffers Ransomware Attack

Europe’s largest private hospital operator, Fresenius, has suffered a ransomware attack that has limited some of its operations.

Despite the attack, which occurred during a global Coronavirus pandemic, the Berlin-based hospital operator did manage to continue patient care.

According to KrebsOnSecurity, Fresenius employs nearly 300,000 people across more than 100 countries (including the United States), and is a major provider of dialysis products and services that are in particularly high demand during the current Covid-19 pandemic.

Hospital attacked

KrebsOnSecurity was contacted by a reader who said the ransomware culprit appeared to be the Snake ransomware.

This is apparently a relatively new strain first detailed earlier this year.

Fresenius spokesperson Matt Kuhn confirmed the company to KrebsOnSecurity that his organisation was struggling with a computer virus outbreak.

“I can confirm that Fresenius’ IT security detected a computer virus on company computers,” Kuhn said in a written statement. “As a precautionary measure in accordance with our security protocol drawn up for such cases, steps have been taken to prevent further spread.”

“We have also informed the relevant investigating authorities and while some functions within the company are currently limited, patient care continues,” Kuhn added. “Our IT experts are continuing to work on solving the problem as quickly as possible and ensuring that operations run as smoothly as possible.”

The ransomware attack comes after the UK’s National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) warned this week of ‘malicious cyber campaigns targeting organisations involved in the Coronavirus response’.

That came after both the NCSC (a part of GCHQ) and the US CISA warned last month that state-backed hackers and online criminals are exploiting the Coronavirus pandemic.

Do not pay

The latest ransomware saw a security expert warn of the importance of not paying these hackers and criminals.

“This outrageous incident is a colourful validation of the FBI’s warning not to pay ransom,” said Ilia Kolochenko, founder & CEO of web security company ImmuniWeb. “Reportedly, Fresenius has already paid a 7-digit ransom in the past to recover from a similar attack.”

“Obviously, such a generous payment did not leave unscrupulous cybercriminals indifferent,” said Kolochenko. “Instead they quickly exploited the windfall and perfidiously re-raided this susceptible victim amid the crisis. Being mindful of Covid-19 social challenges, some cyber gangs decisively called to abstain from any attacks against medical and healthcare organizations, but unsurprisingly not everyone follows this Robin Hood code of ethics.”

“Unless the details of the attack investigation are disclosed, it would be premature to make any definitive conclusions,” said Kolochenko. “There are, however, more questions than answers given this is a second successful and large-scale attack, as some sources report. It is unclear whether foundational security processes were and are in place, such as holistic patch management and network segregation, but it seem that even if the answer is affirmative the latter are largely insufficient.”

“For the moment, there is likewise no visibility whether any medical records and PHI were stolen during the attack,” said Kolochenko. “The worst-case scenario is if the data was extracted and now may be published in case of eventual refusal to pay ransom. Cybercriminals now took their ransomware campaigns to the next level by threatening not just to delete the data but to disclose it thereby unleashing a parade of horrors from severe regulatory sanction to lawsuits by the victims.”

Do you know all about security? Try our quiz!