Coronavirus test results delayed by cyber-attack on Czech hospital

News by Rene Millman

Hackers launched cyber-attack on a hospital in Czech Republic, stalling dozens of coronavirus test results

Hackers have launched a cyber-attack on a hospital in Czech Republic, delaying dozens of coronavirus test results, days after the government declared a state of national emergency.

Prime Minister Andrej Babiš has declared a nationwide quarantine beginning on 16 March, effectively placing nearly 11 million people under curfew until 24 March. There were 298 confirmed cases in Czech Republic on 15 March.

According to a report from the Czech News Agency, an attack on the computer systems of the University Hospital in Brno occurred on Saturday, 14 March, at 2am.

"Gradually, the individual systems were falling, so all computers had to be shut down," hospital director Jaroslav Šterba told .

He added that while laboratories, haematology, microbiology, biochemistry and more sophisticated laboratories for tumour diagnostics, radiological systems work,there is no possibility to transfer information from these laboratories to the database system.”

"We are able to investigate patients, but we are not yet able to store data. Patient care is maintained, and we are working to be able to store data for hours," he added.

The report said that the country’s National Cyber ??and Information Security Authority (NÚKIB) is working to identify the problem. 

Following the attack, a hospital in nearby Kyjov has introduced security measures and cut off email systems from the outside.

With so many hospital staff having to go above and beyond the call of duty in an effort to try and halt the spread of coronavirus, they aren’t thinking about cyber-security and, of course all the security training goes out the window, which can lead to breaches, said Flavius Plesu, founder and CEO of OutThink.

Hackers know this and will be specifically targeting the healthcare sector,” he told SC Media UK.

My advice to security teams working in the healthcare sector in any country would be to expect an attack imminently as hackers will ruthlessly target them. Emergency protocols should be put in place and sensible security systems deployed, particularly for staff that pose a high risk or have access to critical systems and patient health records. Funny training videos and box ticking compliance measures must go out the window – this is a real threat that needs a practical, proactive response."

Cyber-criminals are generally remorseless and have attacked cancer centres, hospices and children’s hospitals over the last few years, noted Kelvin Murray, senior threat researcher at Webroot International.

If anything, we will only see an increase of attacks during a crisis such as this. The healthcare sector needs a complete cultural change with regards to cyber-security to stop them suffering disproportionately to the rest of the organisations out there,” he told SC Media UK.

Not having access to a patient’s medical history could make treatment of potentially infected coronavirus patients difficult, if not impossible, warned Liviu Arsene, global cyber-secuity researcher at Bitdefender.

If life-sustaining medical equipment becomes affected by these attacks, patient lives could also be endangered and potentially lost. It’s recommended that hospitals have emergency backup systems in place that ensure operational continuity for both databases and infrastructure in case of potential outages caused by malware outbreaks or cyber-attacks,” he told SC Media UK.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews