European health care giant Fresenius Group grappling with computer virus

Fresenius Group, a health care conglomerate that includes a major pharmaceutical firm, said the incident affected some of its production.
The computer virus has hindered production at Fresenius Kabi, the group's pharmaceutical business. (PresidenciaRD/Flickr)

Fresenius Group, a big European health care conglomerate, said Wednesday that a computer virus had infected at least one of its businesses’ IT systems. It’s another sign that malicious hackers see medical organizations as fair game despite a global health crisis.

The Germany-based corporation said the security incident had hampered some production in its pharmaceutical business, Fresenius Kabi, which makes everything from nutritional products and infusion therapies to pain relievers that are in high demand during the coronavirus pandemic.

Fresenius Group spokesperson Steffen Rinas declined to specify which production units were affected by the malware. He did say that Fresenius’s hospitals — said to be the largest private network in Europe — were not affected by the incident. The company did not specify the nature of the virus.

“As a precautionary measure in accordance with the security protocol drawn up for such cases, steps have been taken to prevent further spread,” Rinas said in an email. “Nevertheless, our production continues with certain limitations. Also, our patient care continues. Our IT experts are continuing to work on solving the problem and ensuring that operations run as smoothly as possible.”


Reports from independent journalist Brian Krebs and German technology news outlet Golem said the computer virus was ransomware, raising the possibility that Fresenius would have to negotiate with hackers or rebuild its systems.

There were also signs the malware had spread to other parts of Fresenius’s corporate empire, which reported $38 billion in sales for 2019. The malicious code affected Fresenius’s pharmaceutical business in Norway, according to Norwegian newspaper Halden Arbeiderblad. The company has a factory in Halden, south of Oslo, that produces pharmaceuticals.

Rinas, the Fresenius Group spokesperson, said the Norwegian plant was continuing production “with certain limitations.” He declined to elaborate.

Criminal and government-linked hackers have consistently looked to hack health care organizations and government bodies responding to the COVID-19 crisis. Criminals typically hack these organizations to try to extort them; multiple ransomware attacks on companies involved in pandemic response have been reported.

Spies, on the other hand, are looking for intelligence or to steal information that can help treat the virus. With a vaccine for the respiratory disease likely still many months away, U.S. and U.K. cybersecurity officials on Tuesday warned that government-linked hackers would continue to target medical organizations.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts