- A hospital in Tournai, Belgium, is dealing with a widespread infection that has affected 27% of its systems.
- The hospital is forced to redirect incoming urgent cases elsewhere and has also canceled future parent consultations.
- The actors haven’t made any ransomware demands yet, so this may be another case of erroneous targeting.
Center Hospitalier de Wallonie Picarde (CHwapi) in Tournai, Belgium, is currently redirecting all incoming patients to nearby hospitals and medical clinics, as a cyberattack that took place last Sunday has left its systems crippled. More specifically, 80 out of its 300 servers have been infected, possibly by ransomware, but the systems which haven’t been affected by this cannot return to normal operations due to the fear of being locked down too.
The latest announcement on the hospital's website mentions the following:
- All urgent cases will be redirected to other hospitals.
- Information sessions for future parents are canceled.
- Consultations are maintained.
- Surgical operations have resumed since January 20, but the schedule has been moved.
- The distribution of COVID-19 vaccines is not disrupted.
On the positive side, the hospital clarified that no patient data had been compromised, meaning that the actors haven’t stolen anything. However, we can’t rule out the possibility of this being closer to wishful thinking than a solidly-based statement. We should point out that a team from the Federal Police’s Computer Crime Unit is on-site supporting the hospital center's IT team, so experts are involved in the remediation of the situation.
In the meantime, the staff has returned to using pen and paper, while the patients who had their appointments canceled will be notified by phone or SMS. So far, there have been no urgent cases that were redirected elsewhere and had detrimental effects on the patient’s health, but as long as the situation continues, this remains a dire possibility. Thankfully, the town of Tournai has another two large hospitals that can receive the additional burden, even if the coronavirus pandemic situation is still ongoing and pressing.
The weirdest part of the story is that, according to the investigators, no ransom demands have been made by the hackers. This could be an indication that the hospital was targeted by mistake, which has happened before with grievous consequences. Considering that almost a week has passed since the infection, the actors should have declared their demands until now. Also, we couldn’t find anything relevant, having leaked on the dark web or the various extortion portals of the most prevalent ransomware actors.