Fresenius, Fresenius Helios, Fresenius Kabi and Fresenius Medical Care: Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware

Fresenius Hit by Snake Ransomware Attack Amid Rising Healthcare Cyber Threats

Fresenius, Europe’s largest private hospital operator and a leading global provider of dialysis products and services, has suffered a ransomware attack disrupting its technology systems. The Germany-based conglomerate, which employs nearly 300,000 people across over 100 countries, confirmed the incident on Tuesday, stating that while some operations were limited, patient care remained unaffected.

The attack targeted Fresenius’ four independent business units: Fresenius Medical Care (a major kidney failure treatment provider), Fresenius Helios (Europe’s largest private hospital network), Fresenius Kabi (pharmaceuticals and medical devices), and Fresenius Vamed (healthcare facility management). The company holds nearly 40% of the U.S. dialysis market, a critical service as COVID-19 has increased demand due to kidney-related complications.

A source familiar with the incident identified the ransomware strain as Snake, a relatively new variant known for targeting large enterprises and industrial control systems. Snake encrypts files and exfiltrates data before locking systems, giving victims 48 hours to pay a ransom or risk public exposure of stolen files. Fresenius has not disclosed whether it will pay the ransom, though a source claimed the company previously paid $1.5 million to resolve an earlier attack.

The breach aligns with a surge in cyberattacks against healthcare providers during the pandemic. INTERPOL reported a sharp rise in ransomware incidents targeting medical organizations, while the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.’s National Cyber Security Centre warned of state-sponsored hacking groups exploiting COVID-19 response efforts. These actors seek intelligence on healthcare policies and research, as well as sensitive patient data.

Fresenius has not provided further details on the attack, citing security protocols. The incident follows other recent healthcare breaches, including a late-April ransomware attack on Colorado’s Parkview Medical Center, which disabled patient record systems. Despite some ransomware groups pledging to avoid healthcare targets during the pandemic, attacks have persisted.

Source: https://krebsonsecurity.com/2020/05/europes-largest-private-hospital-operator-fresenius-hit-by-ransomware/

Fresenius Group cybersecurity rating report: https://www.rankiteo.com/company/fresenius-se

"id": "FRE1770566194",
"linkid": "fresenius-se",
"type": "Ransomware",
"date": "5/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'Global (Headquartered in Germany)',
                        'name': 'Fresenius',
                        'size': '300,000 employees across over 100 countries',
                        'type': 'Healthcare conglomerate'},
                       {'industry': 'Dialysis products and services',
                        'location': 'Global',
                        'name': 'Fresenius Medical Care',
                        'type': 'Business unit'},
                       {'industry': 'Hospital network',
                        'location': 'Europe',
                        'name': 'Fresenius Helios',
                        'type': 'Business unit'},
                       {'industry': 'Pharmaceuticals and medical devices',
                        'location': 'Global',
                        'name': 'Fresenius Kabi',
                        'type': 'Business unit'},
                       {'industry': 'Healthcare facility management',
                        'location': 'Global',
                        'name': 'Fresenius Vamed',
                        'type': 'Business unit'}],
 'data_breach': {'data_encryption': True,
                 'data_exfiltration': True,
                 'sensitivity_of_data': 'Potentially sensitive patient data'},
 'description': 'Fresenius, Europe’s largest private hospital operator and a '
                'leading global provider of dialysis products and services, '
                'suffered a ransomware attack disrupting its technology '
                'systems. The attack targeted Fresenius’ four independent '
                'business units, encrypting files and exfiltrating data before '
                'locking systems.',
 'impact': {'data_compromised': True,
            'downtime': True,
            'operational_impact': 'Limited operations, but patient care '
                                  'remained unaffected',
            'systems_affected': True},
 'motivation': ['Financial gain', 'Data exfiltration'],
 'ransomware': {'data_encryption': True,
                'data_exfiltration': True,
                'ransomware_strain': 'Snake'},
 'references': [{'source': 'INTERPOL'},
                {'source': 'U.S. Cybersecurity and Infrastructure Security '
                           'Agency (CISA)'},
                {'source': 'U.K.’s National Cyber Security Centre'}],
 'response': {'communication_strategy': 'Limited details disclosed citing '
                                        'security protocols'},
 'title': 'Fresenius Hit by Snake Ransomware Attack',
 'type': 'Ransomware'}

Fresenius, Fresenius Helios, Fresenius Kabi and Fresenius Medical Care: Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware – Krebs on Security

Urban VPN Proxy: Malicious Browser Extensions Can Steal AI Chats in New “Prompt Poaching” Attack

Aquasecurity: CISA Adds Aquasecurity Trivy Scanner Vulnerability to KEV Catalog

Rogers Communications and Fido: Rogers and Fido Confirm Data Breach Affecting Customer Information