
Russian hospital faces multi-day shutdown as pro-Ukraine group claims cyberattack

A private hospital in the Russian republic of Chuvashia experienced a multi-day disruption this week likely linked to a cyberattack claimed by a pro-Ukraine hacker group.

On Tuesday, Lecardo Clinic announced a "technical failure" that led to a three-day shutdown of its operations.

"We're doing everything we can to restore our operations, but it's taking longer than expected," they said. "Once our software is fully restored, we'll notify you."

Although the hospital has not disclosed specifics about the cyber incident, local authorities confirmed the attackers targeted software used to manage patient records and medical histories. They also suspect that other private clinics using the same software may have had their data compromised.

The hacker group 4B1D claimed on Telegram that it gained access to the clinic's network via the compromised account of the clinic’s director. The group said it then wiped the clinic's servers, deleted backups, encrypted and exported patient data, and disabled more than 100 computers. The hospital and authorities have not commented on the hackers' statement.

To support its claims, the hacker group posted some of the leaked data, including an X-ray of a skull, on its Telegram channel. According to the group, they obtained personal data of around 52,000 patients and medical staff, with approximately 2,000 records already being sold on the dark web. These records included patient names, phone numbers, service costs, and average bill amounts.

4B1D is a little-known threat actor active since at least January, claiming responsibility for attacks on various Russian companies, including tech firms and those involved in critical infrastructure.

Local media reported that Lecardo Clinic's management failed to report the breach promptly to authorities. In addition, some of the clinic’s data was reportedly stored without proper security measures in place. In response, local prosecutors announced plans to investigate staff compliance with information security regulations. The company did not immediately respond to a request for comment.

The incident is part of a broader surge in cyber threats faced by Chuvashia, in the country’s west. In August, the republic's digital ministry reported a significant increase in cyberattacks, with more than 2.7 million incidents successfully repelled in 2024 alone.

The day before the cyberattack on Lecardo Clinic, Chuvashia was the target of a Ukrainian drone strike for the first time since the start of the war in Ukraine. Local authorities said the drone hit an oil terminal in the region. It is not clear if the hackers intentionally conducted the attack following the drone strike.

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.