Hospital in Brussels latest victim in spate of European healthcare cyberattacks

A university hospital in Brussels has become the latest institution targeted in a spate of cyberattacks against European hospitals.

Ambulances were diverted from the Centre Hospitalier Universitaire (CHU) Saint-Pierre this weekend following the attack in the early hours of Friday morning.

Details about the attack and the perpetrators have not yet been disclosed.

CHU Saint-Pierre's chief executive, Pierre Leroy, told Belgian newspaper Le Soir that the hospital had an emergency plan “specifically established for this type of situation” following previous attacks on other hospitals in Belgium.

While staff were initially left working with paper records, the hospital managed to disconnect its servers and restart them by Saturday afternoon, said Leroy. The servers remain disconnected from the internet, he said.

“We are crossing our fingers that it will continue like this, but we can already point out the benefits of the emergency plan against cyberattacks,” he added.

He said that as of Saturday 100% of the institution’s IT applications were operational again, although “for several hours, so as not to overload the hospital, [emergency dispatchers] diverted ambulances to other hospitals,” Leroy said.

An investigation into the incident is ongoing, Leroy said. The hospital's website was unavailable on Monday.

“For the time being, we have not noticed any theft or leak of medical data, but we must remain cautious,” he told Le Soir.

The attack followed another on CHU Brest in France on March 9. In its statement on March 10, the university hospital said that "no health data leak has been identified," and said that emergency services are continuing to be provided.

CHU Brest also disconnected its IT system from the internet, meaning patients could not make new appointments and staff were unable to consult medical imaging or send test results to other establishments.

Also last week, thousands of appointments were canceled after a ransomware attack on the city of Barcelona’s main hospital. The regional Catalonian Cybersecurity Agency said the Ransom House gang — which lists semiconductor company AMD as a previous victim — was to blame.