Belgian healthcare company Vivalia, based in the Luxembourg province, announced massive losses at a shareholder meeting on 28 June.
The health provider fell victim to a huge ransomware attack on 13 May, holding 400 gigabytes of patient information and computer systems hostage for several months. This severely disrupted the running of the group’s seven hospitals and six residential care centres, which provide 1,600 hospital beds.
During the attack, the group was forced to cancel appointments and scheduled operations. It also lost access to drug prescription and nursing records, which were all encrypted by the cyber criminals.
Now seven weeks after the initial attack, Vivalia has still not been able to get back to business as usual. Operations and consultations have restarted at four of its locations, but the hospitals still do not have access to all patient data.
“We are moving forward with the greatest caution so as not to be attacked again,” IT director of Vivalia, Yves-Henri Sreckx, told RTBF. “May 13 is for Vivalia what September 11 was for air transport.”
The scale of the disaster can be clearly seen in the group’s finances. Before the attack, Vivalia finished 2021 with a profit of €216,090. Now, the company has a sizeable deficit of around €9.7 million. This is around €7 million worse than before the pandemic in 2019.
- Ransomware group threatens to publish Vivalia patient data
- Propaganda war: Russia launches cyberattacks against 42 countries
“The outlook for 2022 is relatively pessimistic, due in particular to the increase in the cost of raw materials and energy, as well as the impact of the cyber-attack on Vivalia in May 2022,” the company stated.
Fortunately, thanks to successes in previous years, the company is able to offset some of its losses. It aims to reorganise some of its hospitals by 2025 and is currently constructing a new hospital in the Luxembourg province, as well as carrying out renovations.