Cyber Incident Victim: MVZ Herz-Lungen-Praxis

The MVZ Herz-Lungen-Praxis Hamburg-Bergedorf, a subsidiary of Lungenclinic Großhansdorf, experienced a cyberattack targeting its practice information system around the New Year transition in 2025. Unknown threat actors successfully infiltrated the system, encrypting the master and health data of approximately 12,000 patients, rendering the practice unable to access critical patient records. This forced the cancellation of pre-scheduled medical appointments and resulted in a complete closure of the facility for one and a half weeks. The attack disrupted healthcare operations significantly, with the practice lacking reliable access to personal patient data for eight weeks following the incident. Criminal police initiated an investigation while two professional firms specializing in digital forensics immediately worked to decrypt the affected data and restore system functionality. Partial restoration was achieved incrementally, though some data recovery efforts remained ongoing at the time of the public disclosure.

The practice implemented enhanced security measures on its IT systems during the recovery process and formally notified regulatory authorities, including the Federal Office for Information Security (BSI) and the Hamburg Commissioner for Data Protection and Freedom of Information. While no ransomware demand or perpetrator communication had been received, the practice acknowledged the possibility that attackers might have accessed sensitive personal or health data without authorization. Public notifications were issued to inform patients and their families about the breach, accompanied by apologies for the inconvenience and assurances of continued efforts to resolve remaining data restoration issues. The practice emphasized its commitment to restoring trusted healthcare operations and provided contact details for affected individuals seeking clarification, though no further details about the attackers’ methods or motivations were disclosed by investigators.