Cyber Attacks on Hospitals: When Digital Risks Can Cost Lives
Germany is in the digital crosshairs. As the renowned Hasso Plattner Institute (HPI) warns, hospitals in particular are increasingly becoming targets of cyber attacks. The consequences: postponed operations, blocked care, damages in the millions – and patient endangerment.
Dangerous Development: 74% More Successful Attacks
According to the current HPI analysis “Cybersecurity Alert: How Vulnerable Is Germany Really?”, successful attacks on hospitals increased by a whopping 74% between 2020 and 2024. Particularly affected were clinics in Ludwigslust and Hagenow (February 2025). These numbers are not outliers – they represent a worrying trend.
Hospitals as Easy Targets
Why hospitals? The digitization of medicine is advancing, but many institutions are lagging behind in IT security. Outdated systems, unclear responsibilities, and lack of emergency plans make clinics easy prey for cybercriminals and state hackers.
The Two Faces of the Attackers
According to HPI, the attackers come from two camps:
- Cybercriminals who encrypt data and demand ransom.
- State actors who specifically attack infrastructure to create insecurity – often as part of hybrid warfare.
Hybrid War: Russia in Focus
Since the beginning of the Ukraine war, HPI has observed a massive increase in state-orchestrated attacks from Russia. These attacks are part of a geopolitical strategy: The West is to be destabilized through cyber attacks. Clinics are only part of the target – banks, transport and energy systems are also affected.
Concrete Effects in Clinics
The consequences of successful attacks are severe:
- Postponed surgeries: Patients have to wait for weeks.
- IT failure: Important patient management systems no longer function.
- Costs: The economic consequences amount to millions.
- Loss of image: Public trust suffers.
Professor Christian Dörr (HPI): Protection is Being Breached
HPI’s cybersecurity expert, Prof. Christian Dörr, warns: “We are seeing that hackers are getting better at bypassing existing protection mechanisms like firewalls. Many institutions are falling behind.”
What Germany Must Do Now
HPI calls for a rethinking at federal, state, and local levels:
- Comprehensive security measures, not individual solutions
- Binding standards for critical infrastructures
- Central responsibilities with decision-making power
- Better training and sensitization of personnel
Conclusion: No Time for Digital Naivety
Cyber attacks on hospitals are no longer a science fiction scenario, but bitter reality. Those who do not act now risk not only data loss, but human lives. Security is not an option – it is a duty.
