Case Study: Hospital Thwarts Cyberattack Thanks to OT Segmentation
A maximum care hospital became the target of a cyberattack. The attackers compromised the administrative network but were stopped by the segmentation of medical technology. Hospital operations continued uninterrupted.
TL;DR
A maximum care hospital was targeted by a cyberattack in January 2025. The attackers compromised the administrative network but were stopped by the segmentation of medical technology. Hospital operations continued uninterrupted, a success that traces back to two years of preparation.
Initial Situation
The hospital is a maximum care facility with 1,100 beds and around 4,500 employees. As a KRITIS operator in the healthcare sector, it is under special regulatory supervision. The IT infrastructure includes approximately 2,500 endpoints, 200 servers, and around 3,000 medical devices.
Two years ago, the hospital initiated a segmentation project: strict separation of administrative IT, clinical systems, and medical technology into separate network zones.
The Attack
Initial access was gained through a compromised webmail account. The attackers (presumably a LockBit affiliate) moved laterally within the administrative network and compromised the Active Directory server. At 23:40, they began the encryption process.
What Segmentation Prevented
Although the administrative network was significantly affected, all critical systems remained operational:
- Hospital Information System (HIS): In its own zone, accessible only via an application proxy
- PACS (imaging): Isolated VLAN, no connection to the administrative network
- Medical technology: Ventilators, infusion pumps, monitoring in a separate OT segment
- Emergency room: Own network segment with fallback to paper documentation
Recovery
The administrative IT was restored from backups within 8 days. During this time, clinical processes continued on the segmented systems – limited but functional. No patient needed to be transferred.
Investment and Outcome
The segmentation project cost approximately 800,000 EUR over two years. The prevented damage? Comparable hospital attacks (Lukas Hospital Neuss, University Hospital Düsseldorf) caused damages of 5-20 million EUR and weeks of operational restrictions.
Key Facts
Industry: Healthcare (KRITIS)
Attack Type: Ransomware (LockBit affiliate)
Affected Systems: Administrative network (AD, file server, mail)
Protected Systems: HIS, PACS, medical technology, emergency room
Recovery Time: 8 days (administration), 0 days (clinical operations)
Fact: According to Sophos, in 2024 around 66 percent of all healthcare organizations were affected by at least one ransomware attack.
Fact: The BSI (Federal Office for Information Security) classifies the healthcare sector as one of the most endangered KRITIS areas – with over 400 reported security incidents in 2024.
Frequently Asked Questions
Why are hospitals particularly frequent targets of cyberattacks?
Hospitals have a low tolerance for downtime, run outdated IT systems, and present a large attack surface due to medical technology. Attackers count on quick ransom payments made to avoid endangering patient care.
How much does OT segmentation cost for a hospital?
Depending on size and complexity, between 500,000 and 1.5 million EUR over 2-3 years. Compared to the costs of a successful attack (5-20 million EUR), this is a worthwhile investment.
What role does network segmentation play in securing medical devices?
Medical devices often run on outdated software that cannot be patched. Through network segmentation, these devices are separated into isolated zones, so a compromised device cannot access other critical systems. Combined with monitoring of network transitions, an effective protective layer is created even without direct device updates.
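The zone rules listed under "What Segmentation Prevented", combined with the monitoring of network transitions mentioned above, can be expressed as a flow audit. This is an added example, not the hospital's tooling: the subnets, the proxy address and port, the log format and the rule that nothing crosses the OT boundary are assumptions made for illustration.

```python
import ipaddress

# Constructed layout: subnets and proxy address are assumptions; only the
# zone names and isolation rules come from the case study.
ZONES = {name: ipaddress.ip_network(cidr) for name, cidr in {
    "admin": "10.10.0.0/16", "his": "10.20.0.0/24", "pacs": "10.30.0.0/24",
    "ot": "10.40.0.0/16", "er": "10.50.0.0/24"}.items()}
HIS_PROXY = (ipaddress.ip_address("10.20.0.10"), 443)  # assumed proxy endpoint

def zone_of(ip):
    """Return the name of the zone containing ip, or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in ZONES.items() if addr in net), "unknown")

def check_flow(src, dst, dport):
    """Return None if the flow fits the zone rules, else a reason string."""
    s, d = zone_of(src), zone_of(dst)
    if s == d:
        return None  # intra-zone traffic is not a zone transition
    if "ot" in (s, d):
        # Assumption: nothing outside the OT segment talks to medical devices
        return f"{s}->{d}: crosses OT segment boundary"
    if {s, d} == {"admin", "pacs"}:
        return f"{s}->{d}: PACS has no connection to the administrative network"
    if d == "his" and (ipaddress.ip_address(dst), dport) != HIS_PROXY:
        return f"{s}->{d}: HIS reached without the application proxy"
    return None  # transitions the case study does not describe are not judged

def audit(lines):
    """Parse 'time src dst dport' records; return (time, src, dst, reason) alerts."""
    alerts = []
    for line in lines:
        ts, src, dst, dport = line.split()
        reason = check_flow(src, dst, int(dport))
        if reason:
            alerts.append((ts, src, dst, reason))
    return alerts

# Constructed flow records for illustration, not data from the incident
SAMPLE_FLOWS = [
    "02:00:01 10.10.4.17 10.10.9.3 445",    # admin -> admin
    "02:00:02 10.10.4.17 10.20.0.10 443",   # admin -> HIS via proxy
    "02:00:03 10.10.4.17 10.20.0.25 1433",  # admin -> HIS backend directly
    "02:00:04 10.10.4.17 10.30.0.5 445",    # admin -> PACS
    "02:00:05 10.10.4.17 10.40.2.8 445",    # admin -> OT
]

if __name__ == "__main__":
    for alert in audit(SAMPLE_FLOWS):
        print(*alert)
```

Any alert from such an audit means a firewall rule or VLAN boundary no longer matches the intended zone design, which is worth investigating even when no attack is under way.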