The Berlin Hospital Association (BKG) has warned of a series of seemingly “inexplicable incidents” affecting hospitals and health care facilities across the capital, ranging from drone incursions and cyberattacks to forced entry and arson. Germany’s security and intelligence services have classified at least some of these incidents as potential acts of hybrid warfare, the BKG said, and warned that protecting health care facilities is “no longer a purely internal matter for hospitals, but a task that must be addressed together with the security services.”
For security reasons the BKG did not disclose precise locations. It said the “growing hybrid threat” prompted it to raise awareness among Berlin hospitals to establish effective self-protection. Berlin has more than 80 hospitals, including Charité, Europe’s largest university hospital.
Explosions, arson and cyberattacks have featured in the recent wave of incidents. In November, a powerful explosion severely damaged Vivantes hospital in southeast Berlin, and hours later a fire broke out at the entrance to Charité in Mitte. Both incidents damaged areas used to treat cancer patients and prompted state security to open investigations on suspicion of politically motivated arson. Over the summer, six fires reportedly broke out in the basement of the Bundeswehrkrankenhaus (BWK) military hospital in Mitte; media speculation linked those incidents to the treatment of Ukrainian soldiers.
The Federal Office for the Protection of the Constitution (BfV) told DW that it is not currently “observing any increased [hybrid] activities by foreign intelligence services or other agencies of foreign powers in connection with hospitals.” It noted, however, that hospitals have been targeted by various cybercriminal actors in recent years and said it is investigating a series of ransomware attacks by suspected Russian cybercrime actors in Germany. The BfV added that the line between cyberespionage and cybercrime is increasingly blurred and that direct links to Russian state agencies cannot usually be clearly proven.
Manuel Atug, founder of AG Kritis, an association focused on IT security and resilience of critical infrastructure, said hospitals are more likely to be targeted by ransomware gangs seeking money than by state-sponsored actors. “It is almost always a question of money,” he told DW, while acknowledging rare cases of sabotage or espionage. Atug said hospitals have been broken into and drones have flown over hospital sites. He pointed to chronic underinvestment—especially in smaller, publicly funded hospitals—as a key reason facilities are poorly prepared. Some hospitals with funds prioritize revenue-generating departments over system-wide resilience.
Atug also warned of a “growing willingness to use violence against those trying to help,” attributing part of the problem to misinformation spread online. Data from Germany’s Federal Criminal Police Office show rising attacks on emergency services: in 2024 there were 683 recorded cases of violence against firefighters affecting 1,012 people, and 2,042 cases recorded for other rescue workers.
On January 27 a suspected arson attack at the Berlin Jewish Hospital injured 14 people after a 71-year-old patient allegedly set fire to an object in his room; Berlin’s State Criminal Police is investigating in coordination with security services. Earlier in January, sabotage of power lines in southwest Berlin left around 100,000 people without heating, power and internet for several days in freezing temperatures; the left-wing extremist Vulkangruupe (“Volcano Group”) claimed responsibility.
Experts say Germany still has much to do to protect critical infrastructure. Felix Neumann, an extremism and counterterrorism expert at the Konrad Adenauer Foundation, said steps have been taken but often “too late and not enough.” He said Germany is not fully set up for the current threat environment, though talks and strategies are underway.
Berlin has begun moving in the right direction: the state presented a Civil Defense of Hospitals Framework Plan (ZVKH) in summer 2025, the first of its kind among German states, the BKG said. Still, Neumann and other experts stress the need for targeted investments in structural and technical resilience.
A study by the German Hospital Institute and the Institute for Health Care Business identified a long list of security shortfalls: staff shortages, lacking cybersecurity and on-site security, unguarded access points, and inadequate preparation for chemical, biological, nuclear and military threats. Storage capacities for medicine, blood products and emergency power were judged sufficient only for peacetime; similar vulnerabilities apply to rehab facilities, nursing homes and psychiatric clinics. The study estimated an initial investment need of €2.7 billion and additional operating costs of €670 million per year to defend German hospitals against the current threat level of cyberattacks and sabotage.
On January 29 the Bundestag passed the “KRITIS-Dachgesetz” to strengthen protection of critical infrastructure, including IT and telecommunications, amid rising attacks and espionage in Europe. The law was tightened following the southwest Berlin power-line attack and obliges companies and institutions in strategically important sectors to improve physical protection of their facilities. The law also aims to restrict access to sensitive information about infrastructure vulnerabilities, such as precise power-line routes.
In a statement the Berlin State Department of the Interior said there remains a “high level of abstract risk” due to intensified espionage and sabotage by foreign intelligence services—particularly Russia—and the rising threat from extremist groups. “Both anti-constitutional actors and intelligence services are involved in activities aimed at disrupting public order, attacking the state’s ability to act, and spreading fear and terror among the people, institutions and companies affected,” the statement said.
Edited by: Rina Goldenberg