Brno University Hospital ransomware attack (2020)

From International cyber law: interactive toolkit
Jump to navigation Jump to search
Date 13 March 2020[1], one day after the Czech government declared a state of emergency due to the COVID-19 crisis.[2]
Suspected actor Unknown
Target Brno University Hospital, the second-largest hospital in the Czech Republic, at the time also providing COVID-19 testing capacities.[3]
Target systems Microsoft Windows-based systems
Method The attackers probably used a spear-phishing technique to gain access to the hospital’s network[4] and then deployed ransomware into the network to encrypt the hospital’s data.[5]
Purpose The attackers most likely aimed at gaining financial profit.[4]
Result The hospital was forced to shut down its entire IT network.[6] The hospital personnel was instructed not to switch on any computer.[3] The medics were unable to access patients’ data[1] and had to write and transfer their notes manually.[5] Some data were lost irreversibly. The hospital had to postpone urgent surgical interventions and reroute patients to other nearby hospitals.[6] It took several weeks before the hospital was fully operational again.
Aftermath The attack turned into a particularly sensitive issue and raised notable concerns of both experts and the general public, as it hit a large hospital just at the outbreak of the COVID-19 crisis in Europe. To prevent more damage, the Czech National Cyber and Information Security Agency (NÚKIB) issued a set of reactive measures to be implemented by healthcare providers subject to the Cyber Security Act.[7] In April 2020, it also issued a binding statement of Warning[8] alerting of a high probability of an imminent cyber attack on Czech digital infrastructure, mainly on healthcare providers.[9] The Warning was noted with concern by, inter alia, the United States Secretary of State.[10] Due to this and a number of similar incidents around the world, the EU and NATO also voiced their concerns.[11]
Analysed in Scenario 14: Ransomware campaign

Collected by: Adam Botek

  1. 1.0 1.1 J Stephens, “Serious Cyber-attack Targets Brno University Hospital”, 13 March 2020, Brno Daily.
  2. Measures adopted by the Czech Government against the coronavirus”, 23 June 2020,
  3. 3.0 3.1 Brno’s University Hospital, a testing center for coronavirus, facing cyber attack”, 13 March 2020,
  4. 4.0 4.1 J Horák, “Na nemocnici v Brně zaútočil vyděračský virus, špitál povolal krizového IT manažera”, 20 March 2020, Aktuálně.cz.
  5. 5.0 5.1 S Porter, “Cyberattack on Czech hospital forces tech shutdown during coronavirus outbreak”, 19 March 2020, Healthcare IT News.
  6. 6.0 6.1 C Cimpanu, “Czech hospital hit by cyberattack while in the midst of a COVID-19 outbreak”, 13 March 2020, ZDNet.
  7. NÚKIB, “NÚKIB vydal reaktivní opatření pro vybrané subjekty ve zdravotnictví”, 22 March 2020.
  8. NÚKIB, “Warning against a cybersecurity threat in the form of an extensive campaign of cyberattacks on information and communication systems in the Czech Republic”, 16 April 2020.
  9. L Ponikelska, “Czechs Warn Hackers Are Preparing Cyber Attacks on Hospitals”, 16 April 2020, Bloomberg.
  10. U.S. Department of State, “The United States Concerned by Threat of Cyber Attack Against the Czech Republic’s Healthcare Sector”, 17 April 2020.
  11. Council of the EU, Declaration by the High Representative Josep Borrell, on behalf of the European Union, on malicious cyber activities exploiting the coronavirus pandemic, 30 April 2020. NATO, Statement by the North Atlantic Council concerning malicious cyber activities, 3 June 2020.