The German hospital network atholische Hospitalvereinigung Ostwestfalen (KHO) has confirmed that it has been the victim of a ransomware attack – allegedly by the Lockbit gang.
The attack started in the early hours of Saturday December 24th, and severely impacted the systems that support the operations of three of the six hospitals managed by the organisation. The affected hospitals are in Bielefeld, Rheda-Wiedenbrück, and Herford in the North-East of the country
A statement on the hospitals website says that “unknown persons gained access to the hospitals’ IT infrastructure“.
Some patient care is still available at the affected hospitals, but emergency care has been temporarily diverted to other locations.
Lockbit / Not Lockbit
The statement by the hospital says that the attack is most likely the actions of the LockBit gang – this is a message being repeated by some news sites, however, this is now looking like the work of someone pretending to be LockBit, and has used the LockBit Black ransomware builder code which was leaked in April of this year.
The @vxunderground account on x.com has been in contact with LockBit over this attack and has posted a rather strongly worded response from the gang…
It certainly looks like they are not impressed with these actions of this impostor – most likely because the gang aren’t being given a cut of any possible ransom payments.
