Since 14 May, Belgian private hospital group Vivalia in Luxembourg province, Wallonia has been suffering from the consequence of a major ransomware attack which severely crippled the institution’s operating capacity.
As a result of the ransomware, patient records are no longer available and many are being conducted manually. The group controls seven hospitals and six residential care centres. The hospitals provide beds for around 1,600 and their running has been severely affected.
Computers across the company’s network have been entirely blocked with a ransomware message, which has encrypted the system files and demands payment of an unknown ransom from the Vivalia group.
On 18 May, cybercriminal group Lockbit claimed responsibility for the attack, threatening to publish around 400 GB of patient and hospital data to a dark web forum if its demands are not met, according to Cyber Threat Intelligence Analyst Anis Haboubi.
According to the message posted by the cybercriminals, they are in possession of patient data, their illnesses, employee data, and “much more” from four medical trusts
Lockbit is threatening to distribute or sell thousands of users’ data. In a comment to RTBF, Vivalia Group General Manager Yves Bernard said that the authorities had been notified of the development.
L'intercommunal Vivalia qui a récemment annoncé avoir subit une cyberattaque a été victime du gang de #ransomware Lockbit ;400 GO DE data: les données comprennent les données personnelles des patients et leurs maladies, les données personnelles des employés et bien plus encore. pic.twitter.com/5jvqEgv0ph
— Anis Haboubi |₿| (@HaboubiAnis) May 17, 2022
Translation: The intermunicipal Vivalia group recently announced that it suffered a cyberattack was the victim of the ransomware Lockbit gang; 400 GB OF data: the data includes personal data of patients and their illnesses, personal data of employees and much more.
“I have read the information. The case is being processed by the judicial police and the cybersecurity unit. Our priority is to restore all applications that allow us to treat our patients. The process is underway and we have a crisis meeting every morning at 8am,” Bernard said.
The hospital is already revising its practices and considering ways to prevent future attacks of this magnitude. The general manager admits that the staff are “not specialists” in cybersecurity but that they had “learned a lot since the attack on Saturday.”
According to the IT director of Vivalia, investments have been made into the group’s IT operations and are working to restore back-ups of files stored on hospital computers.
Open door to cybercrime
Belgium has a woeful record for cybersecurity, and much less the Belgian police’s capacity to fight it. Belgium ranks fourth in cybercrime density in the world, according to data from cybersecurity company Surfshark.
Belgium has earmarked €110 million to beef up the country’s cyber security capabilities. The Federal Judicial Police is asking for investment and around 1,000 extra staff to battle increasing digital crime.
Even the Belgian government has gone through a series of embarrassing cybersecurity blunders and scandals. In 2019, the entire computer system of the Federal Home Affairs Ministry was victim to a cyberattack by a foreign power, which was not discovered until several years later.
As previously reported by The Brussels Times, even the Belgian Defence Ministry’s network was knocked offline for four weeks in December 2021, forcing staff to use civilian messaging services such as Whatsapp to complete their work.