Berlin’s hospital association (BKG) has raised the alarm over a wave of unexplained incidents at medical facilities across the city, including drone overflights, cyberattacks, break-ins and arson. The association says Germany’s security services view at least some of the events as potential hybrid-warfare acts, and it warns that protecting hospitals is no longer solely a hospital management issue but must be coordinated with security agencies.
For security reasons the BKG declined to name specific sites. It said the growing hybrid threat has led it to push Berlin hospitals to strengthen their own protective measures. The city has more than 80 hospitals, among them Charité, Europe s largest university hospital.
Recent cases have included explosions, deliberate fires and ransomware operations. In November a powerful blast badly damaged Vivantes hospital in southeast Berlin, and hours later a fire was set at the entrance to Charité in Mitte; both incidents hit areas used to treat cancer patients and prompted state security probes on suspicion of politically motivated arson. Over the summer six basement fires were reported at the Bundeswehrkrankenhaus (BWK) military hospital in Mitte, incidents that media linked to its treatment of Ukrainian soldiers.
The Federal Office for the Protection of the Constitution (BfV) told DW it is not currently observing a clear rise in hybrid activity by foreign intelligence services targeting hospitals, but it said hospitals have been frequent targets of cybercriminals in recent years. The agency is investigating a string of ransomware attacks in Germany attributed to suspected Russian cybercrime groups and noted the boundaries between cybercrime and state-sponsored cyberespionage are increasingly blurred, making direct links to state agencies hard to prove.
Manuel Atug, founder of AG Kritis, an association focused on IT security for critical infrastructure, said financially motivated ransomware gangs are the more common threat, although sabotage and espionage have occurred. He said hospital sites have been physically broken into and drones have flown over facilities. Atug pointed to chronic underinvestment, especially in smaller public hospitals, as a reason many institutions are ill prepared; where money is available it is often spent on departments that generate revenue rather than on system-wide resilience.
Atug also warned of an increased willingness to use violence against emergency personnel, a trend he links in part to online misinformation. Federal Criminal Police Office data show rising attacks on emergency services: in 2024 there were 683 recorded cases of violence against firefighters affecting 1,012 people and 2,042 cases recorded against other rescue workers.
On January 27 a suspected arson at the Berlin Jewish Hospital injured 14 people after a 71-year-old patient allegedly set a fire in his room; state police are investigating with security services. Earlier in January sabotage of power lines in southwest Berlin left around 100,000 people without heating, electricity and internet during freezing weather; a left-wing extremist group calling itself the Vulkangruupe, or Volcano Group, claimed responsibility.
Experts say Germany still has significant work to do to secure critical infrastructure. Felix Neumann, an extremism and counterterrorism expert at the Konrad Adenauer Foundation, said measures taken so far have often come too late and are insufficient. He and others stress the need for targeted investment in structural and technical resilience. Berlin has taken steps: the state presented a Civil Defense of Hospitals Framework Plan (ZVKH) in summer 2025, the first state-level plan of its kind in Germany.
A study by the German Hospital Institute and the Institute for Health Care Business catalogued many shortfalls: staff shortages, weak cybersecurity and on-site security, unguarded access points and poor preparedness for chemical, biological, radiological and military threats. Storage for medicines, blood products and emergency power was judged adequate only for peacetime; similar vulnerabilities affect rehab centres, nursing homes and psychiatric clinics. The study estimated initial upgrades would cost about €2.7 billion, with around €670 million in extra annual operating costs.
On January 29 the Bundestag passed the KRITIS-Dachgesetz to bolster protection of critical infrastructure, including IT and telecommunications, and to tighten rules after the southwest Berlin power-line attack. The law requires operators in key sectors to enhance physical security and restricts public access to sensitive infrastructure information.
The Berlin State Department of the Interior said there remains a high level of abstract risk from intensified espionage and sabotage by foreign intelligence services, particularly Russia, and from extremist groups. It warned that both anti-constitutional actors and foreign intelligence services are pursuing activities that aim to disrupt public order, undermine state capacity and spread fear.