Cyber-attack causes major disruptions to small-town Czech hospital

Benešov hospital, photo: ČTK/Jan Kholl

The danger of cyber-attacks on key infrastructure was made clear in the Czech Republic on Wednesday, when one left a small-town hospital largely immobilised, forcing staff to move some patients to other facilities. But what kind of attack was it? And can such threats place lives in genuine danger?

Benešov hospital,  photo: ČTK/Jan Kholl
Shortly after 2 pm on Wednesday, the local hospital in the central Bohemian town of Benešov came under a sustained cyberattack that left staff unable to use x-rays, ultrasound or laboratory instruments.

All planned operations had to be postponed and some patients were transferred to hospitals in nearby towns.

Pavel Kurka works for the company CNS, which provides cyber security to medical facilities.

“Going by the information in the media, it was probably a ransomware attack. Ransomware is software that encrypts the data on discs at the hospital and may block access to its computers. It could have either been a general attack or a targeted one. In the latter case, the attackers attempt to blackmail the victim and demand a ransom. It’s possible the attackers calculated they could put more pressure to pay a ransom on this hospital, where obviously people’s health and lives are on the line.”

Roman Mrva, head of the board at the Benešov hospital, says it should be back in full operation within days rather than weeks.

“Today everything, whether it’s ultrasound or x-rays, has a computer that saves records in an archive. We don’t know if this hacking attack affected all our computers, so we can’t turn anything on at all. We need to disconnect 500 computers from out network and reinstall them – and then hope that the virus won’t have caused more damage and that they work.”

Cyber security expert Pavel Kurka says reported attacks of this kind occur in the Czech Republic on average once or twice every year. And they could have extremely serious consequences.

Benešov hospital,  photo: ČTK/Jan Kholl
“If this software attacked devices used, for instance, in intensive care units and knocked out those devices, then it is possible that the lives of those patients could be threatened.”

Mr. Kurka says those responsible for hacking attacks of this kind employ ever more sophisticated methods, leaving organisations playing constant catch-up. Cash-strapped hospitals may find this a particular challenge, he adds.

“The security of what is called critical infrastructure – the infrastructure necessary for the state to function – is regulated by law and decrees handed down by the National Cyber and Information Security Agency. But naturally it’s also a question of the money that an organisation has at its disposal. Generally speaking, we hear that funding is lacking in the health service – and that may have an impact on IT solutions.”