AZ Monica hospital in Antwerp, Belgium has been forced to shut down servers, cancel medical procedures, and transfer critical patients to other facilities following a cyberattack.

Incident Impact

The attack has caused significant operational disruption:

  • Server shutdown: Core IT systems taken offline
  • Procedure cancellations: Scheduled surgeries and treatments postponed
  • Patient transfers: Critical patients moved to unaffected hospitals
  • Manual operations: Staff reverting to paper-based processes

Healthcare Sector Targeting

This incident continues a troubling trend of healthcare cyberattacks:

Why Hospitals Are Targeted

  • High pressure to restore operations - Patient care cannot wait
  • Valuable data - Medical records fetch premium prices
  • Complex IT environments - Legacy systems and medical devices
  • Limited security resources - Healthcare IT often understaffed
  • Interconnected systems - Patient data flows across departments

Recent Healthcare Incidents

Healthcare organizations have faced increasing attacks:

  • Manage My Health (New Zealand) - 120,000 patients affected
  • Blue Shield of California - PHI potentially exposed
  • Central Maine Healthcare - 145,000 records compromised

Response Considerations

Healthcare organizations responding to attacks must balance:

  • Patient safety - Maintaining critical care capabilities
  • Data protection - Preventing further exfiltration
  • Communication - Notifying patients and regulators
  • Recovery - Restoring systems safely

Regulatory Context

European healthcare providers face strict requirements:

  • GDPR - 72-hour breach notification requirement
  • NIS2 Directive - Critical infrastructure security obligations
  • National health regulations - Country-specific requirements

Recommendations for Healthcare Organizations

  1. Maintain offline backup systems for critical functions
  2. Develop and test incident response plans regularly
  3. Segment networks to contain potential breaches
  4. Implement robust endpoint detection
  5. Train staff on security awareness
  6. Establish relationships with peer institutions for mutual aid