NL: More hospitals, cybersecurity firm also targeted in pro-Russia cyberattack

AMSTERDAM - The university medical centers in Maastricht (MUMC+) and Leiden (LUMC), as well as the organization Z-CERT were also targeted in cyberattacks this week, similar to the University Medical Center Groningen (UMCG). As a result, the websites were briefly offline.


The attacks on the hospitals come from the pro-Russian hacker group Killnet, said Z-CERT, which helps the healthcare sector with cybersecurity. The Killnet group has announced attacks on hospitals in countries that aid Ukraine in its war against Russia. 


The UMCG has been dealing with a similar attack since this weekend. Large portions of their website were inaccessible for several consecutive days. Z-CERT said it will file a criminal report with authorities about the attacks against its own systems and those of the affected hospitals. 


The MUMC+ discovered the distributed denial of service, or DDoS, attack this weekend. "Fortunately, we were able to defend ourselves against this in time," said the spokesperson. The website went down two different times for a short period. 


In a DDoS attack, a computer system is flooded with visitors. These are often hijacked devices that send a high enough volume of traffic to slow a website to a crawl, and potentially makes the site or server unreachable. 


The LUMC in Leiden has also been the target of an attack by cybercriminals, a spokesperson said, confirming reports by Omroep West. The hospital was briefly hit by a DDoS attack twice on Saturday, one of five and one of fifteen minutes. 


Patient data has not been compromised, according to the hospital. The patient portal and digital records systems also remained accessible to logged in users. 


Z-CERT was affected by the attack on Monday afternoon and Tuesday morning, causing a disruption on its website. The cybersecurity firm believes the situation will be handled better in the event of any future attacks. 


The Groningen hospital has also been able to build a line of defense, making their site accessible again. Meanwhile, the DDoS attack has continued. The burden on patients remained limited, and the provision of care was continuing as usual at the UMCG. A spokesperson said it was irritating that the hospital had become a random target of the hacker group. "It is up to the authorities to find out exactly who these attackers are and to take steps against them." 


In the future, the UMCG website must also become less vulnerable to cyberattacks. "Of course we would like the site to remain public and accessible to everyone," said the UMCG spokesperson. “But that also made it easier for malicious parties to 'walk in.’” The new defense mechanism put in place diverts traffic from the DDoS attack away, while leaving enough capacity for real visitors. 

Related News