Hospital Brno in Czechia hit by a cyberattack during COVID-19 virus crisis


University Hospital Brno is used to test patients for coronavirus infections – cyberattack halts the operations

Czechia's University Hospital Brno suffered a cyberattack

Czechia's University Hospital Brno suffered a cyberattack

The second-largest hospital in the Czech Republic was hit by a massive cyberattack in the middle of the coronavirus outbreak. The incident happened on Friday night, which prompted the authorities to close down the entire IT network, majorly disrupting the operation in the facility – staff were told not to turn their computers back on. Patients who turned up at the hospital were diverted to other establishments while it is figured out how to make the systems running again.

University Hospital Brno is one few establishments in the country that is conducting tests for the COVID-19 virus and is currently treating an 84-year-old woman who contracted the infection earlier. The incident shows how cybercriminals can aggravate the global health crisis and stall operation of major establishments that are dealing with it during this busy and difficult time.

Nature of the attack is not yet clear

The cybersecurity incident occurred at approximately 5 AM on Thursday night, followed by an announcement, which was repeated every 30 minutes until 8 AM. At this time, the hospital declared that it would be postponing major surgeries.[1]

While the University Hospital Brno did not disclose the reason for the breach and whether the malware was involved, it must have been serious. Many new patients were sent to receive help at the nearby hospitals, such as St. Anne’s University Hospital. Additionally, two branches, including Maternity Hospital and the Children’s hospital, were shut down during the attack as well.

Before the attack, University Hospital Brno was conducting around 20 COVID-19 virus tests daily. With more than 300 cases of coronavirus in the Czech Republic confirmed, the need for the tests will increase drastically, and incidents like this prevent the staff from doing their jobs.

Hospital’s IT staff, along with the National Cyber and Information Security Agency of the Czech Republic, started the recovery operations.

Security experts warn the health sector to be “extra vigilant”

Cyberattacks in the health sector are not that rare at all – data breaches and ransomware attacks plague the industry. In most cases, attack vectors are phishing emails (malicious attachments) or intrusion via the Remote Desktop connections.

In 2018, testing laboratory Labcorp was infected by SamSam ransomware,  which reduced the productivity of the company by about 90% during the disruption. Most recently, many major ransomware strains like Maze,[2] Nemty, DoppelPaymer,[3] Sodinokibi, and others, started practicing a new trend: if the demand of paying a ransom is not fulfilled, malicious actors threaten to expose the sensitive information leaked during the attack to the public. As a result, thousands of patients could be at risk of having their information compromised.

OutThink’s cybersecurity firm CEO Flavius Plesu said that IT staff at hospitals should be extremely aware of the situation, as cyberattackers are ready to abuse the coronavirus outbreak in order to benefit financially:[4]

At times of increased risk, security teams must be extra vigilant and understand that the risk of a cyber attack is much higher than usual as hackers try to take advantage of tired, overstretched staff that potentially have their guards down

The expert also said that security teams in the health sector should be prepared for attacks, as it is not a matter of “if” but rather “when.” He advised to deploy all the necessary precautionary measures:

Emergency protocols should be put in place and sensible security systems deployed, particularly for staff that pose a high risk or have access to critical systems and patient health records

Hospitals are not the only targets of cybercriminals, however. Worldometer, a website that publishes live statistics about COVID-19 victims was recently affected by DDoS attack, and later – a hack, which allowed cybercriminals to past fake infection numbers of the virus in the Vatican.[5]