Ransomware attacks hit 15 Dutch hospitals

At least 15 Dutch hospitals were hit in ransomware attacks over the past three years, NOS reports based on a survey in which 25 hospitals participated anonymously. The hospitals insisted on staying anonymous out of fear of attracting hackers, according to the broadcaster. Another 20 hospitals refused to participate at all due to this concern.

In most cases ransomware blocks access to files on a computer and then demands money to reverse this. As most hospitals backup their data on an almost daily basis, little data was lost in a ransomware attack. In one case a hospital incurred delays in its outpatient clinic due to such an attack. One hospital had 75 computers infected with ransomware.

Another threat is that attackers can gain access to confidential patient data. Most of the Dutch hospitals told NOS that this did not happen when they were infected with ransomware. Two hospitals were unsure. 

Hospitals are extra vulnerable to ransomware as many of them use outdated IT technology. For example, 14 of the 25 hospitals in the survey still used the Windows XP operating system in some departments. Windows no longer provides free security updates for XP. Only one hospital said they pay for such updates.

A main reason for hospitals using outdated operating systems is that they are often built into medical devices, like MRI scanners. As the equipment still works, many hospitals decide to keep using it, despite the digital security risks. A number of hospitals do disconnect the device from the internet or surround it with firewalls.

According to the Dutch Association of Hospitals, this survey again shows that hospitals need to invest more in digital security. "In recent years much attention was paid to managing costs, which sometimes led to insufficient attention to IT", chairman Yvonne van Rooij said to NOS. 

Ransomware is an increasingly popular form of cyber attack worldwide. In one year's time the number of computers infected with ransomware increased by over 11 percent, according to a new report by antivirus company Kaspersky, NU.nl reports. Between April 2016 and March 2017, nearly 2.6 million Kaspersky users were infected with ransomware, compared to 2.3 million in the previous year. 


Related stories