Back

Cyberattack Compromises Data of Over 72,000 University Hospital Patients

Severity: High (Score: 68.0)

Sources: www.aachener-zeitung.de, www.bbv-net.de, www.stern.de, Ground.News

Published: 2026-05-22 · Updated: 2026-05-22

Keywords: university, hospital, affected, addresses, billing, information, tens

Severity indicators: ics, rat, hospital, university, cyberattack

Summary

A cyberattack targeting an external service provider has resulted in the theft of sensitive data from over 72,000 patients at four university hospitals in Baden-Württemberg, Germany, including Freiburg, Ulm, Heidelberg, and Tübingen. The University Hospital of Cologne is also affected by this incident. The stolen data includes diagnoses, addresses, and billing information. The hospitals have taken emergency measures in response to the breach. The exact method of the attack and the identity of the attackers remain unclear. The hospitals have confirmed the breach and are working to assess the full extent of the data loss. This incident highlights the vulnerabilities associated with third-party service providers in the healthcare sector. Key Points: • Over 72,000 patients' data compromised in a cyberattack on a service provider. • Sensitive information stolen includes diagnoses, addresses, and billing details. • Emergency measures implemented by affected hospitals to mitigate further risks.

Detailed Analysis

**Impact** Over 72,000 patients from the University Hospitals in Freiburg, Ulm, Heidelberg, Tübingen, and Cologne have had sensitive data compromised due to a cyberattack on an external service provider. The stolen data includes diagnoses, addresses, and billing information. The incident affects multiple university hospitals in the Baden-Württemberg region of Germany, disrupting operations and potentially exposing patients to privacy risks. **Technical Details** The attack targeted an external service provider connected to the affected hospitals. Specific attack vectors, malware, tools, or exploited vulnerabilities (CVEs) are not detailed in the available reports. No indicators of compromise (IOCs) or further technical TTPs have been disclosed. **Recommended Response** Defenders should prioritize monitoring network traffic and logs for unusual activity related to third-party service providers. Review and strengthen access controls and data segmentation for external vendors. Conduct thorough audits of service provider security postures and prepare incident response plans for potential data misuse. No specific patches or signatures are currently identified.

Source articles (4)

  • Tens of Thousands of Patients at the University Hospital Cologne Affected by Cyberattack: Diagnostics, Addresses, Billing Information — www.bbv-net.de · 2026-05-22
    Wir haben festgestellt, dass Sie den Hohen Kontrast-Modus nutzen. Wir haben ihn darum auch auf unserer Seite für sie aktiviert: Sie können Ihn im Menü jederzeit ausschalten. Sie sind bereits registrie…
  • Datendiebstahl Zehntausende Uniklinik Patienten Von Hackerangriff Betroffen 37426980 — www.stern.de · 2026-05-22
    Bei einem sind Daten von mehr als 72.000 Patientinnen und Patienten der Universitätskliniken Freiburg, Ulm, Heidelberg und Tübingen entwendet worden. Das teilten die Kliniken mit. Die Daten wurden bei…
  • Tens of Thousands of University Hospital Patients Affected by Cyberattack — www.aachener-zeitung.de · 2026-05-22
  • Tens of Thousands of University Hospital Patients Affected by Hacker Attack — Ground.News · 2026-05-21
    Diagnoses, addresses, billing information: The University Hospital of Cologne is also affected by a cyber attack at a service provider. Diagnoses, addresses, billing information: After the cyber-attac…

Timeline

  • 2026-05-21 — Cyberattack disclosed: University hospitals in Baden-Württemberg reported a breach affecting over 72,000 patients' data.
  • 2026-05-22 — Further details released: University Hospital Cologne confirmed its involvement in the cyberattack, emphasizing the sensitivity of the stolen data.

Related entities

  • Data Breach (Attack Type)
  • Universitätskliniken Freiburg (Company)
  • Universitätskliniken Heidelberg (Company)
  • Universitätskliniken Tübingen (Company)
  • Universitätskliniken Ulm (Company)
  • University Hospital Cologne (Company)
  • University Hospital Freiburg (Company)
  • University Hospital Heidelberg (Company)
  • University Hospital Of Cologne (Company)
  • University Hospital Tübingen (Company)
  • University Hospital Ulm (Company)
  • Deutschland (Country)
  • CWE-200 - Exposure of Sensitive Information (Cwe)
  • T1041 - Exfiltration Over C2 Channel (Mitre Attack)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed