Cyberattack on Belgian social service centers forces them to close

The Public Center for Social Action (CPAS) in Charleroi, Belgium, announced its social branches would be closed on Tuesday “except for absolute emergencies” as a result of a cyberattack.

CPAS institutions operate in each of the country’s 581 municipalities, providing social services to the local community including financial assistance, housing, medical and legal advice.

The institution’s spokesperson, Didier Neirynck, stated that its debt mediation service and Energy House service would also be closed as a result of the attack, which was discovered on Monday morning.

He added that while the cyberattack had not directly undermined all of the affected systems, the IT team had decided to take everything offline as a security precaution.

Although the CPAS did not identify the nature of the attack, Belgian newspaper Sudinfo reported that it was a ransomware incident, and that the attackers had already made an extortion demand.

“We are busy taking stock of the damage,” said Neirynck, stressing that nursing homes, citizen spaces and home care centers were still operating as normal.

“We are going to have to adapt our procedures to continue to fulfill all of our missions,” the spokesperson added, suggesting that the social services would reopen on Monday with staff using pen and paper to complete their tasks.

Cyberattacks on Belgian institutions have been occurring at a similar level to most other European nations in the past few years, with a hospital in Brussels — also the capital of the European Union and NATO Headquarters — being forced to divert ambulances after an incident in March.

Back in 2021, roughly two weeks after Belgium’s parliament, universities, and scientific institutions were hit by a cyberattack, the country’s National Security Council approved a new cybersecurity strategy that aims to shore up its digital defenses.