German Hospital Differs in Ransomware Response from American Counterpart

German authorities have advised hospital officials not to contact the hacker as they work to restore the system.

German authorities believe a local hospital was the victim of a ransomware attack similar to the one experienced by a Hollywood hospital on Feb. 17.

Hospital officials and German authorities have not followed in the footsteps of their American counterparts, however, when it comes to responding to the attack.

The IT department at Lukas Hospital in Neuss, Germany, realized the hospital had caught some sort of malware on Feb. 10 and “pulled the plug on everything,” according to hospital spokesman Dr. Andreas Kremer. German authorities believe the quick actions may have prevented extensive damage to the hospital’s network and the machines affiliated with it.

Now when someone tries to access the hospital’s network an error message pops up urging the user to contact an anonymous email address to “stop the ransomware,” according to Presumably the hacker intended to demand money through the email address to restore the system.

The situation is eerily similar to the American ransomware attack that eventually ended when Hollywood Presbyterian Medical Center paid an anonymous hacker $16,664 (or 40 bitcoins) to restore its computer network on Feb. 17. The hacker had initially demanded $3.6 million to erase the virus in that case.

Rather than interact with the hacker, however, Lukas Hospital has decided not to engage in a negotiation at all. Hospital officials and the authorities assisting them (Germany’s State Criminal Investigation Office) have been working to restore the system over the last two weeks and have not contacted the email address.

RELATED: Cybersecurity Report Finds “Healthcare Industry in Turmoil”

Since the hack, staff members have communicated through the phone, fax machines and handwritten notes because the email system still isn’t up and running. Kremer said approximately 85 percent of the hospital’s operations have continued as normal.

The hospital’s security experts have developed a software to cleanse the infected network and scan the servers and devices for additional viruses. Some data was backed up and can be easily restored. Kremer estimates the hospital’s system will be running normally again by the early summer at the earliest.

The German and American responses to similar cases of ransomware offer an interesting contrast as cyber security officials around the world ponder the best way to deal with the growing trend.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

About the Author


Zach Winn is a journalist living in the Boston area. He was previously a reporter for Wicked Local and graduated from Keene State College in 2014, earning a Bachelor’s Degree in journalism and minoring in political science.

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Get Our Newsletters
Campus Safety Conference promo