BSI records 138 healthcare cyberattacks

- Germany’s BSI said in April 2026 that it logged 138 security incidents in healthcare between October 2024 and September 2025.
- The BSI’s 2025 healthcare report said 62 incidents involved Germany’s telematics infrastructure, while SWR reported 2,800 Mainz patients were affected in a separate breach.
- The BSI’s healthcare report is available on its website, and SWR said Mainz patients can contact Unimed’s data-protection office.

Germany’s federal cyber agency has put numbers on a risk hospital executives and clinicians have been describing for years: cyber incidents are hitting healthcare systems often enough to threaten routine care. The Federal Office for Information Security, known as the BSI, said in an April 2026 publication that it recorded 138 security-relevant incidents in healthcare between October 2024 and September 2025. The same report said Germany’s telematics infrastructure — the network that connects practices, hospitals and pharmacies — accounted for 62 of those cases, up from 28 in the previous reporting period.

That count matters because the BSI describes the telematics infrastructure, or TI, as part of the system used to move medical documents securely across Germany’s health sector. The agency’s English-language eHealth material says the TI links doctors’ offices, hospitals and pharmacies, while its healthcare report said increased use of TI applications helped explain the rise in incidents recorded there. (bsi.bund.de)

### Why is the telematics infrastructure showing up so often?

The BSI’s 2025 healthcare report said the largest share of incident reports fell into the telematics-infrastructure category, ahead of providers, products and other cases. The report tied that pattern to broader use of TI-linked services rather than to a single disclosed outage or one named attacker. (bsi.bund.de)

Germany’s health system has been pushing more care and administration through digital channels, including the TI and electronic health records. The BSI says its eHealth work covers the electronic health card, the TI and the cybersecurity of medical technology used in Germany. (bsi.bund.de)

### What does the 138 figure actually cover?

The BSI’s April 2026 notice introducing its healthcare cybersecurity publication said the document offers a snapshot of the current state of cyber risk in the sector and that attacks on doctors’ practices and hospitals remain a threat.

The 138 figure in the report covers “security-relevant incidents” logged over the 12 months from October 2024 through September 2025. (bsi.bund.de)

The same report breaks those incidents into four affected categories: telematics infrastructure, service providers, manufacturers and products, and other cases. That means the total is not limited to hospital ransomware events; it includes a wider set of healthcare-related security reports collected by the agency. (bsi.bund.de)

### Where does the Mainz patient-data case fit in?

SWR reported on May 22, 2026, that unknown attackers stole data tied to nearly 2,800 patients at Mainz University Medical Center through an incident involving external service provider Unimed. The broadcaster said the stolen records included diagnoses, addresses and billing information, and that patients in Rhineland-Palatinate were among those affected. (bsi.bund.de)

SWR’s report describes that breach as a separate regional case, not as the source of the BSI’s 138-incident total. Taken together, though, the national BSI report and the Mainz case show the two main healthcare cyber risks hospitals talk about most: disruption of digital systems and theft of sensitive patient data. That is an inference based on the two reports. (swr.de)

### Why are hospital executives hearing so much about NIS2?

Germany’s BSI says NIS2 now applies through the country’s updated legal framework and provides sector-specific guidance for healthcare entities that fall within scope. The agency’s NIS2 materials say healthcare organizations explicitly covered by the law face cybersecurity obligations and incident-response requirements. (bsi.bund.de)

Legal briefings published after Germany’s implementation took effect said the new rules expanded board-level accountability and required in-scope entities to register with the BSI. Those briefings are not the law itself, but they reflect the compliance pressure hospital management teams are now working under. (bsi.bund.de)

### What should clinicians take from this?

The BSI’s incident-response guidance says organizations’ business and operational processes depend on functioning IT infrastructure and asks what they should do to prepare for security incidents. In healthcare, that translates into downtime planning for scheduling, records access, imaging, prescribing and follow-up workflows. (reedsmith.com)

The BSI’s healthcare report is available on the agency’s website, and SWR said affected Mainz patients can seek information through the University Medical Center Mainz data-protection office. (bsi.bund.de 1) (bsi.bund.de 2)