Security News Largest Croatian hospital under cyberattack

[Viking]

Content source

https://www.helpnetsecurity.com/2024/06/27/largest-croatian-hospital-under-cyberattack/

The University Hospital Centre Zagreb (KBC Zagreb) is under cyberattack that started on Wednesday night, the Croatian Radiotelevision has reported.

Because of the attack, the hospital has shut down its information system and will be switching parts of it online once they are sure it’s safe to do so.

All services are working, but the processing of patients is slower than usual, Milivoj Novak, Assistant Director at the hospital, has said in a press conference.

The hospital’s emergency service and medical laboratories are functioning normally, he said. The slowdown is due to the current impossibility to print out medical reports and staff having to write them by hand. It’s also possible that some patients will be redirected to other hospitals.

Novak has said that patients’ information hasn’t been leaked/exfiltrated – though this is likely a preliminary finding.

It is currently unknown whether the cyberattack against the hospital involved the deployment of ransomware, and whether it’s connected to yesterday’s DDoS attacks on the websites of several Croatian government and financial institutions: the Ministry of Finance, the Tax Administration, the Croatian National Bank (HNB), the Economic Bank of Zagreb (PBZ), and the Zagreb Stock Exchange (ZSE).

The attacks have been claimed by the pro-Russian NoName057(16) hacker group and have resulted in a temporary unavailability of the institutions’ websites and online portals. The sites are back online now.

Largest Croatian hospital under cyberattack - Help Net Security

KBC Zagreb, the largest Croatian hospital, is under cyberattack that started on Wednesday night, the Croatian Radiotelevision has reported.

www.helpnetsecurity.com

 

[Marko :)]

Nice try Russia. You won't stop us from delivering humanitarian and military aid to Ukraine.

 

[Viking]

The University Hospital Centre in Zagreb, Croatia, has been claimed by the LockBit ransomware group barely a week after the healthcare organization announced it was hit by a cyberattack last Thursday.

Located in the capital city of Zagreb, the publicly funded teaching hospital, also known as KBC Zagreb, was back online just 24 hours later according to local news reports, adding that over 100 experts were tasked with restoring IT systems to full functionality.

Hospital officials said the June 27th attack had incapacitated its networks, forcing emergency patients to be diverted to other Zagreb hospitals, taking the facility “back 50 years - to paper and pencil,” reported Croatian Radio.

Patient safety was never in jeopardy, hospital officials had said.

“All tests can be done to some extent, but the radiological system, which is particularly dependent on information support, is perhaps the most severely affected,” said KBC Zagreb’s head of Emergency Admissions, prof. Ph.D. Ivan Gornik, the news station reported.

https://cybernews.com/news/croatia-kbc-zagreb-hospital-cyberattack-lockbit/

 

[Marko :)]

Hmm... Russians keep bombing Ukrainian hospitals but they "have principle of not touching medical facilities".

Minister of Health said it is still unknown if hackers had access to any user data and there would be no negotiations with the criminals.

 

[brambedkar59]

Hmm... Russians keep bombing Ukrainian hospitals but they "have principle of not touching medical facilities".

Minister of Health said it is still unknown if hackers had access to any user data and there would be no negotiations with the criminals.

War is the way of corrupt leaders to stay in power. We see two nations right now doing similar things and they both like bombing hospitals.
"birds of a feather flock together"

 

[oldschool]

War is the way of corrupt leaders to stay in power. We see two nations right now doing similar things and they both like bombing hospitals.
"birds of a feather flock together"

Don't get me started. My country is largely responsible for enabling one of them, and it's shameful beyond words.

 

[Marko :)]

Interesting plot twist to the story, if anyone is wondering.

Jutarnji list (one of the most popular Croatian daily newspapers) just published paywalled article on their website saying how Croatian security services managed to hack the hackers. They found out where they kept stolen files and decryption keys, so they got all data back. Stolen data is returned to the hospital and is in the process of implementation into hospital's systems. That's all the info we got from the paywalled article and since I don't have subscription, I can't access the details (unfortunately, none of the ways bypassing paywall don't work on that site). I'm waiting for other media to pick up the story so we can see more details.

https://archive.is/cT0tz (partial article in Croatian)

 

[cartaphilus]

Nice try Russia. You won't stop us from delivering humanitarian and military aid to Ukraine.

I wonder what security suite they have on contract to protect them. I always wonder about that each time major corporation gets hit since no one ever mentions what cyber protections were being employed to guard against such attacks? I understand that they probably don't want to get sued by badmouthing a corp cybersecrity company but honestly...after that large lapse of security...why not?

And I am not talking JUST about this attack I am talking about every other info stealer, database dump, user info theft that has been going on for the past decades. Having your database stolen is so 2010's especially now with large advancements in Data Loss Prevention blades.

 

[Marko :)]

I wonder what security suite they have on contract to protect them. I always wonder about that each time major corporation gets hit since no one ever mentions what cyber protections were being employed to guard against such attacks? I understand that they probably don't want to get sued by badmouthing a corp cybersecrity company but honestly...after that large lapse of security...why not?

And I am not talking JUST about this attack I am talking about every other info stealer, database dump, user info theft that has been going on for the past decades. Having your database stolen is so 2010's especially now with large advancements in Data Loss Prevention blades.

Probably no contract with any security company, but a shady deal with someone's cousin. No, seriously. In Croatia, all public tenders on state level are rigged to benefit one company whose owner is someone connected to the ruling party HDZ.

When COVID-19 vaccines came, government made a deal with company which does floral decorations for weddings, for a website where people could apply for vaccination. Of course it was simple WordPress site which never worked as intended and was more down than it was working; total fiasco apparently worth approximately 212.356€. It's just a coincidence that the owner of the company which created the website was personal friend and photographer of our health minister. Multiple IT specialists offered to create a website for free, but government declined the offers and pretended like website works like intended, only to later acknowledge it was a total fiasco and non functional. Two years after COVID-19, company was raided by the state attorney's office and as of this moment is under investigations.

Just for the reference, same attacks were carried on the Zagreb Holding, city owned holding company for all public services. No data was stolen and the attack was repelled. Why? Because we in the capital don't have corrupt political party on power, but new centre-left green party. Ever since they took over the city in 2021. there were 0 corruption affairs and there weren't any rigged public tenders. So instead having someone's cousin maintaining city's IT sector, they use some reputable IT company which knows what is doing.