[German]The university hospital of the Czech city of Brno (German: Brünn) is currently suffering from an attack by ransomware. The clinic runs one of the largest laboratories for testing for Covid-19 infections.
I already became aware of the case in our neighbouring country a few hours ago through a tweet from Catalin Cimpanu.
I’ve update the article with more information about the incident.
– Infection was discovered at 5am in the morning
– Hospital warned staff via the public speaker system to shut down PCs
– Message blared for 30 minutes
– Everything was down by 8am and surgeries canceled
— Catalin Cimpanu (@campuscodi) March 13, 2020
The ransomware infection started at 2 a.m. and was probably discovered on Friday, March 13, 2020 at 5 am. Peter Gramatik, a security researcher at Sucuri, happened to be a patient at this clinic and witnessed the whole thing. He was then sent home from the clinic and reported some details via email to ZDNet.
Catalin Cimpanu writes on ZDNet that the clinic had to shut down the entire IT network as a result of the infection. Two other branches of the hospital, the children’s hospital and the maternity clinics, were also affected.
Gramatik informed ZDNet in his email that the hospital immediately made loudspeaker announcements to all staff, that all computers had to be shut down immediately for security reasons. This message was repeated as every 30 minutes. Then at about 8 a.m. all operations were cancelled by another public announcement over the hospital’s public address system. Gramatik was then sent home.
Following the outbreak of the incident, teams from the Czech National Cyber Security Centre (NCSC), the Czech Police (NCOZ) and hospital IT staff are now working together on site to restore the hospital’s IT network.
The incident is considered serious and will be treated with the utmost urgency as the University Hospital Brno is one of the largest COVID 19 testing laboratories in the Czech Republic. It is currently unclear whether laboratory activities regarding coronavirus testing have been/are affected by the cyber attack. So far the incident has not been officially confirmed by the clinic – which ransomware it is. This tweet states that the incident has been confirmed by the Prime Minister.
Some scheduled operations have been cancelled as other hospitals in the area prepare to accept more acute cases than usual. Preparations are also underway to transfer the hospital’s coronavirus response capacity to other hospitals.https://t.co/qig1xYH2UN
— Brno Daily (@BrnoDaily) March 13, 2020
The article linked in the above tweet still contains some information. So the attack already started at 2am. The patients of the clinic were partly distributed to other hospitals in the city.