A Belgian cybersecurity expert and his team discovered that three hospitals in Flanders, the northern part of Belgium, were susceptible to a data breach. The vulnerabilities have been patched.
Many, mainly small, hospitals don’t have the resources to afford their own IT department. Instead, they rely on vendors who develop platforms, so doctors have access to medical information about their patients and healthcare providers.
However, to maintain these systems, external parties must have access to the hospitals’ networks, which obviously contain sensitive information. This comes with great risk, especially when a vendor cuts back on maintenance.
“It’s difficult for a company to protect itself against a vendor who has been negligent,” Geert Baudewijns, cybersecurity expert and CEO of cybersecurity firm Secutec, said in an interview with Belgian news outlet VRT NWS.
Baudewijns and his team found a way to obtain passwords to gain access to three hospitals in Flanders. “We conducted tests and found that hackers could effectively use them to access the data of 71,000 patients,” the security expert claims.
Personal and sensitive information, such as first and last names, home addresses, social security numbers, and health-related data, was accessible. Baudewijns couldn’t say for sure whether hackers have already obtained this data. He reassured the people involved that his company hadn’t detected any of this information on the dark web or other platforms.
As of the time of writing, the vulnerabilities have been patched. However, this highlights that smaller organizations, including regional hospitals, remain vulnerable.
On Tuesday, two Belgian hospitals disclosed that they had to cancel 70 surgeries because of a cyberattack. Seven patients had to be transferred to other hospitals, and all planned and non-urgent treatments were suspended. Emergency care was reduced to the bare minimum, and ambulances were partially diverted to surrounding hospitals. Due to the incident, both hospitals were unable to access their electronic patient files.
“For the management team, ensuring the safety and continuity of care for our patients is paramount. We are actively working to ensure this. We do not want to take any risks when it comes to our patients,” Geert Smits, Director of AZ Monica, told Belgian news outlets in a press conference.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked