Cyber Incident Victim: Dreifaltigkeits-Hospital
Date: Feb 2024
Location: Germany
Summary
A cyberattack targeted the IT infrastructure of Dreifaltigkeits-Hospital in Lippstadt and impacted affiliated hospitals in Erwitte and Geseke. The resulting system outages halted new patient admissions and scheduled surgeries, while emergency care remained operational. Authorities confirmed no immediate risk to patient lives. The Zentral- und Ansprechstelle Cybercrime Nordrhein-Westfalen (ZAC NRW) and Dortmund police are investigating the incident, analyzing the attackers' methods, potential links to known threat groups, and the full scope of damage. The attack occurred amid lingering disruptions from a prior cyber incident affecting a regional IT service provider in the area.
Description
On February 2, 2024, a cyberattack targeted the IT infrastructure of Dreifaltigkeits-Hospital in Lippstadt, Germany, disrupting operations across its affiliated hospitals in Erwitte (Marien-Hospital) and Geseke (Hospital zum Heiligen Geist). The attack caused significant system failures, forcing all three facilities to suspend new patient admissions and cancel all planned surgical procedures. Hospital authorities confirmed emergency services remained operational and explicitly stated no immediate risk to patient lives existed. The incident marked the second major cybersecurity breach affecting critical infrastructure in Kreis Soest within a short timeframe, following a prior attack on regional IT service provider Südwestfalen IT (SIT) that continued to impair local vehicle registration services at the time of this new breach. Police and cybersecurity investigators immediately initiated a coordinated response, with the Zentral- und Ansprechstelle Cybercrime Nordrhein-Westfalen (ZAC NRW) assuming lead investigative authority alongside the Dortmund Police Headquarters.

The ZAC NRW, a specialized cybercrime prosecution unit handling high-impact cases, deployed technical experts to assess the attack’s scope, methodology, and potential attribution to known threat actors. Investigators focused on forensic analysis of the compromised systems to determine the intrusion vector, attacker tactics, and whether data exfiltration or ransomware deployment occurred. Authorities withheld operational details during the active investigation but confirmed the incident’s severity warranted centralized oversight under the ZAC’s mandate to develop standardized countermeasures against evolving cyber threats. Concurrently, hospital staff implemented contingency protocols to maintain critical care while IT systems remained offline, reflecting persistent operational challenges from the earlier SIT attack that had already strained municipal services. The dual incidents underscored systemic vulnerabilities in the region’s critical infrastructure networks, particularly healthcare and administrative systems reliant on interconnected IT providers.
