DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

De: Klinikum Lippe hospital decrypts data after “intensive negotiations” with ransomware attackers

Posted on November 30, 2022 by Dissent
Notice on Klinikum Lippe's web site reads (translation): "The Klinikum Lippe can currently only be reached by telephone and fax - patient care is ensured."
Notice on Klinikum Lippe’s web site alerts people that it can only be reached by telephone and fax (translation).

The Klinikum Lippe describes itself as one of the largest municipal hospitals in Germany and part of the University Hospital OWL of the University of Bielefeld. On November 17, they detected a significant cyberattack that impacted all three of their locations: Detmold, Lemgo, and Bad Salzuflen.

From its own statements, it appeared that the hospital might have negotiated a payment with the unnamed threat actors yesterday to get a decryption key. As of November 30, their most recent update states, in part (translation):

After intensive negotiations with the blackmailers, it was possible yesterday to receive the necessary data for decrypting the systems. We can therefore assume that the cyber attack has ended, but this does not mean that it will not have any further effects. Unfortunately, we have to assume that there may be ongoing disruptions to the IT systems.

By immediately disconnecting from all external networks after the attack became known, further damage could be prevented, whereby the isolation for securing and restoring the IT systems is still ongoing and the Klinikum Lippe will basically set them up again.

Among other things, this means that in the coming days we will continue to be available from outside only by telephone or fax.

Additional details are available on the hospital system’s incident update page.

Did they intensively negotiate an agreed-upon payment or did they just negotiate and get the attackers to give them a key without any payment? The former seems more likely, but Radio Lippe reports that there was no payment:

There was no ransom payment, it said when asked by Radio Lippe from Detmold. That’s unusual. The blackmailers have probably realized that the hospital is a critical infrastructure and released the data for decrypting the systems without payment, it said.

This story was updated and edited after learning that Radio Lippe was told that there was no ransom payment. That seems… surprising.

No related posts.

Category: Commentaries and AnalysesHealth DataMalwareNon-U.S.

Post navigation

← LastPass’s August incident contributed to a new incident
ICE accidentally released the identities of 6,252 immigrants who sought protection in the U.S. →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.