Cyber Incident Victim: Fresenius
Date:
May 2020
Location:
Germany
Summary
Fresenius, a major European healthcare provider and dialysis supplier, experienced a significant ransomware attack impacting global operations while maintaining patient care continuity. The incident involved Snake ransomware, which targeted enterprise systems and industrial controls, prompting containment measures and collaboration with authorities. The attack occurred amid heightened cyber threats against medical organizations during the pandemic, with INTERPOL and international agencies warning of increased ransomware campaigns and state-sponsored targeting of COVID-19 response infrastructure. Operational limitations affected multiple business units, though the company declined to disclose specifics regarding ransom demands or potential data exfiltration. This breach highlighted vulnerabilities in critical healthcare networks during a period of escalated demand for renal care services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around May 5, 2020, Fresenius Group—Europe’s largest private hospital operator and a major global provider of dialysis products and services—experienced a widespread ransomware attack affecting its technology systems. The Germany-based company, which employs nearly 300,000 people across over 100 countries and holds significant market share in U.S. dialysis services, confirmed the incident disrupted limited operational functions while maintaining patient care. Internal reports indicated the attack impacted all divisions globally, including Fresenius Medical Care, Fresenius Helios, Fresenius Kabi, and Fresenius Vamed. Employees observed computers roped off in U.S. facilities, with anonymous sources attributing the attack to Snake ransomware, a strain known for targeting large enterprises and industrial control systems. Fresenius spokesperson Matt Kuhn acknowledged the detection of a computer virus and implementation of security protocols to contain its spread, though the company declined to disclose technical specifics. IT teams worked to restore systems while authorities were notified, though the firm maintained its policy of not commenting on IT security details.
The incident occurred amid heightened cyber threats to healthcare organizations during the COVID-19 pandemic, with INTERPOL reporting increased ransomware attacks against critical response infrastructure in April 2020. Snake ransomware’s focus on enterprise management tools and industrial networks raised concerns given Fresenius’s role in medical device manufacturing and dialysis supply chains—critical resources during a pandemic causing kidney complications in patients. While some ransomware groups pledged to avoid healthcare targets, attacks like the one against Colorado’s Parkview Medical Center weeks earlier demonstrated ongoing risks. Fresenius faced potential data exfiltration, as modern ransomware operators frequently steal information before encryption to pressure victims. An anonymous source claimed the company paid $1.5 million to resolve a prior ransomware incident, suggesting this attack was more extensive. The company did not confirm whether a ransom was demanded or paid in this case. Operational impacts remained unspecified beyond "limited functions," with no public evidence of compromised patient data or clinical system failures.