Computer systems in medical facilities in Brno and in Kosmonosy paralyzed by recent phishing and security attacks were restored with the help provided by AEC. Specialists working for the leading cyber security provider designed recovery procedures for the internal infrastructure of the compromised systems and recommended steps leading to a significant streamlining and acceleration of the recovery process.
Experts from AEC were called to the University Hospital in Brno immediately on the day following the detection of the incident. It was a typical phishing attack. Attackers from an organized international group used an infected message to attack the system. When the message was opened, the ransomware started spreading and encrypting individual workstations, servers etc., which resulted in the paralysis of the entire IT infrastructure.
„“AEC was providing assistance under its mandate as a professional supervisor and adviser, the scope of which is, in this case, influenced by many factors, namely the ones set by the law,” noted Matej Kačic, Head of Security Technologies Division in AEC and he specified it some more:
“Our task was to analyse the situation and to check whether the measures taken for the immediate rehabilitation of the system are correct from the safety and best practices point of view. Based on the findings, we then recommended how to streamline and speed up the individual procedures.”
The hospital responded to the incident with immediate shut down of all stations and contacted the National Cyber and Information Security Agency. Upon arrival, agency experts fully disconnected one part of the network infrastructure and began working on forensic analyses. Summoned AEC specialists collaborated on the rescue and recovery of data in Brno with colleagues from their sister company AUTOCONT, which, the same as AEC, is a member of the ICT holding Aricoma Group.
In reaction to the cyberattack at the University Hospital in Brno, the CyberSecurity Action Committee of the Ministry of Health was established.
"We at AEC immediately joined this programme, offering our professional services in areas such as forensic analysis, penetration testing, or protection against APT attacks and phishing campaigns," said Matej Kačic. Only a few days had passed since the establishment of the Action Committee, and the entire team, including the AEC experts, was on alert again. Yet another attack was lead on the computer network of a medical facility, this time at the Psychiatric Hospital in Kosmonosy near Mladá Boleslav.
According to Matej Kačic, the Head of Security Technologies Division in AEC, the majority of Czech health care facilities suffer from deficiencies in preventive measures, which lowers their security. The use of flat infrastructure networks allowing the rapid spread of malware is quite typical, as well as incorrectly set up key processes, such as incorrect use of privileged administrator accounts. The consequences of an attack on this type of facility can be fatal.
“Situations such as the attacks on the University Hospital in Brno and the Psychiatric Hospital in Kosmonosy can be prevented, not only by training employees in cybersecurity awareness, but also by introducing continuous expert supervision and monitoring,” emphasized Karel John, Head of Cyber Defense Center in AEC. The next necessary step, according to him, is the correct backup of data: "It is no exception that in the event of a major incident, all backups of the infected system may be completely deleted or encrypted, therefore they can no longer be restored to their original state."
In the case of the attacked hospitals, the restoration of operation on all workstations is difficult and takes weeks. Thanks to the findings and recommendations provided by the staff from AEC and other teams, the most important systems of the affected infrastructures were able to start operating in relatively short time, which was recognized by Tomáš Bezouška, Cybersecurity Manager of the Ministry of Health of the Czech Republic:
“Great job! I would like to thank AEC for their generous help with removing the consequences of the cyberattack on the Psychiatric Hospital in Kosmonosy.”