In recent days, hospitals in the Belgian healthcare group Vivalia have decided to cancel thousands of consultations due to a ransomware attack. Attacks on Belgian healthcare institutions are on the rise. Lower maturity in their security approach and IT budgets that are under pressure are taking their toll.
Six thousand consultations. That many were scheduled within Vivalia health facilities in the week of May 23 and have been canceled, unless the doctor contacts the patient again. In principle, nothing other than emergency surgery will take place. The website states that all emergency aid was always provided. However, the resumption of the usual consultations will depend on how far the information systems have been restarted. “We are now focusing on restoring the IT system within a secure framework,” said Vivalia CEO Yves Bernard. The judicial part of the case is in the hands of the federal judicial police and the prosecutor. Full recovery would take weeks to months.
Vivalia’s servers were affected by Lockbit ransomware. According to CCB (Center for Cyber Security Belgium), Lockbit is, alongside Conti, the most widely used ransomware player today.
The criminals behind the Vivalia ransomware attack claim to have stolen 400 gigabytes of data, which they threaten to release over the next few days. For a while, there was talk that the payroll of the employees was also in jeopardy. Vivalia has since indicated that healthcare professionals will simply receive their pay at the end of the month.
The timing was unfortunate. This weekend, the so-called Maitrank folklore festival took place in Arlon. Due to the cyber attack, the mayor of the city of Arlon has already decided to set up an outpost during the festivities over the weekend, to avoid further strain on the hospital.
Although it is not yet clear how the ransomware infection at Vivalia took place, phishing emails with links to malicious software are still one of the most common attack channels for ransomware. In early 2020, a phishing email appeared at a care center in Willebroek, causing all of the city council’s computers to shut down in no time. In this case, the municipal council and the care centers were located within the same (IT) network, which is often the case with hospitals or rest institutions: they are often part of a larger group.
It also seems to be a misconception that (only) traditional administrative or PC employees are the most susceptible to an attack in healthcare institutions. “In the case of a hospital, administrative staff have more experience with phishing emails because they come in contact with them more often. Physicians have different priorities so they may be more likely to click,” notes Arnout Van de Meulebroucke, CEO and founder of Phished.
Low maturity in care
The ransomware attack on the hospitals of the Vivalia healthcare group is the latest in a series of attacks on Belgian health organizations. For example, CHwapi Hospital in Tournai and Sacred Heart Hospital in Mol were hit by ransomware attacks last year. Previous research by security specialist Barracuda showed that cybercriminals are more likely to target the healthcare sector. Between August 2020 and July 2021, 13 percent of ransomware attacks observed by Barracuda were targeted at the healthcare sector.
The attacks are not surprising. In a healthcare institution, the IT infrastructure is (literally) a matter of life or death. A hospital hit by ransomware that is unable to recover its data or avert the attack quickly enough is tempted to pay the ransom. ‘Hospitals constantly need their networks and devices to quickly share data between medical staff and to ensure vital equipment continues to function,’ says Van de Meulebroucke. This makes them an ideal target, especially because the security approach sometimes falls short. A recent report from NTT shows that the maturity of security programs in the healthcare sector is among the lowest of all sectors surveyed.
Then there are the budgets. The corona pandemic and rising inflation are also giving hospitals financial problems. Last week, a Dutch study conducted by the consulting firm KPMG showed that hospitals are under great pressure to further reduce existing ICT costs. In other words, the attack on the Belgian hospitals did not come out of the blue.