Brno University Hospital in the Czech Republic was hit by a major cyberattack on 12 and 13 March, causing an immediate computer shutdown in the midst of the coronavirus outbreak.

The hospital, which has one of the largest COVID-19 testing facilities in the Czech Republic, was forced to cancel operations and relocate new patients to other hospitals.

WHAT HAPPENED

The infection was initially reported at 5AM on 13 March, when the hospital decided to disconnect all computer networks.

“Gradually, the individual systems were falling, so all computers had to be shut down,” said hospital director Jaroslav Šterba.

Peter Gramantik, a patient at the time, said: “The hospital public announcement system started to repeat the message that all personnel should immediately shut down all computers due to ‘cyber security’. … Around 8AM there was another public announcement that all the surgeries are cancelled.”

Brno University Hospital is currently recovering capabilities, although it is not yet fully operational. For example, there are still no means of storing data, meaning that medics have to write and transfer their notes manually, which slows processes and potentially endangers lives.

Šterba explained: “There are laboratories, haematology, microbiology, biochemistry and more sophisticated laboratories for tumour diagnostics, radiological systems work, but there is no possibility of transferring information from these laboratories to the database system.”

Despite the involvement of police and the Czech National Cyber Security Centre, little is understood about the attack itself, including whether or not the COVID-19 testing facilities were impacted, although a ransomware attack is suspected.

The Brno Children’s Hospital and Maternity Hospital were also affected. As a result, neighbouring hospitals have increased their security measures.

THE LARGER PICTURE

The Czech Republic has only recently seen COVID-19 begin to spread in the country, highlighting the importance of working testing laboratories to identify and slow the infection. This is particularly pertinent given the virus’s fast rate of contagion, with the number of confirmed cases more than doubling to 298 in the two days following the attack.

Other cybercriminals have also been taking advantage of the public’s fear around the virus by targeting phishing attacks at citizens. These have included attacks under the guise of informational and health advice emails, which were used to spread malware and gain access to sensitive information, as well as holding a US public health district’s website hostage by ransomware.

ON THE RECORD

Flavius Plesu, CEO of human risk intelligence firm OutThink, responded to the attacks: "At times of crisis, hackers see opportunity. … Security teams must be extra vigilant and understand that the risk of a cyberattack is much higher than usual as hackers try to take advantage of tired, overstretched staff that potentially have their guards down.”

Liviu Arsene, global cybersecurity researcher at Bitdefender, added: “If life-sustaining medical equipment becomes affected by these attacks, patient lives could also be endangered and potentially lost. It’s recommended that hospitals have emergency backup systems in place that ensure operational continuity for both databases and infrastructure in case of potential outages caused by malware outbreaks or cyber-attacks.”