Medical data and personal information belonging to the patients of the Fresenius Medical Care unit have been posted online. Fresenius is the largest private hospital operator and provider of dialysis products and services. Because of the ongoing COVID-19 pandemic, their services have been in high demand. The company took a hit with a ransomware attack aimed at their systems. Fresenius shared that the incident managed to put some limitations on their operations, but patient care wasn't affected.
What Happened at Fresenius?
The company is based in Germany, including four businesses under the same umbrella: Fresenius Helios, the largest private hospital operator, according to the company; Fresenius Medical Care, focusing on kidney failure care; Fresenius Kabi, supplying pharmaceuticals and medical devices; and Fresenius Vamed, managing healthcare facilities.
Fresenius employs about 300,000 people located in over a hundred countries, 258th on the Forbes Global 200 ranks. The company provides services and products for hospitals, dialysis, inpatient, and outpatient care, with more than 40% of the market shares on dialysis care in the US alone. COVID-19 patients have seen kidney failure cases, which resulted in a shortage of supplies and dialysis machines in the country.
KrebsOnSecurity shared information received by an insider at Fresenius Kabi, who said the company computers were affected by a cyberattack that affected their operations worldwide. The suspected malware being used to attack the company was the Snake ransomware. The threat in question was a new strain used this year to extort large businesses.
A Fresenius spokesperson confirmed that the company was struggling with a malware outbreak. Matt Kuhn, the spokesperson, said that they detected a computer virus on the company computers. The company took measures according to their protocol for such cases to prevent further spread. Fresenius also contacted the authorities, continuing patient care, and working with their IT experts to solve the issue as quickly as possible.
Worldwide Increase of Targeting COVID-19 Response
The attack on Fresenius happened in the middle of attacks targeting healthcare providers fighting the COVID-19 pandemic. During April, INTERPOL warned that they detected a significant increase in ransomware attacks worldwide against infrastructure and critical organizations working on the pandemic response. Cybercriminals are using ransomware attacks to make money off the crisis, preventing access to systems and vital information until they are paid a ransom.
CISA, the Cybersecurity and Infrastructure Security Agency of the US Department of Homeland Security issued an alert with the UK National Cyber Security Centre about advanced persistent threat groups actively targeting COVID-19 response organizations.
APT actors are frequently targeting organizations to collect personal information in bulk, as well as intellectual property and intelligence that serves national priorities, according to the alert. They may also look to obtain intelligence and sensitive data related to COVID-19 research.