LockBit claims cyberattack on Croatia’s largest hospital


The LockBit ransomware gang has claimed responsibility for a cyberattack on Croatia’s largest hospital, which forced it to shut down IT systems for a day. The group claims to have gained access to patient and employee information, medical records, organ and donor data and contracts signed with external companies.

The University Hospital Centre in Zagreb, known as KBC Zagreb, suffered the attack last week. More than 100 specialists worked to restore the systems in the aftermath.

According to local media reports, the incident slowed down the work of emergency services, forcing the hospital to send patients to other institutions in Zagreb. The attack “took us back 50 years — to paper and pencil,” said Milivoj Novak, assistant director for health care quality and supervision of KBC Zagreb.

“All tests can be done to some extent, but the radiological system, which is particularly dependent on information support, is perhaps the most severely affected,” said Ivan Gornik, head of the unified emergency hospital admission at KBC Zagreb, which serves about 10,000 people daily.

LockBit’s operations were disrupted in February in an international operation but the group has since resurfaced. 

Its claims have often proven unreliable. It recently claimed to have breached the U.S. Federal Reserve, but an initial batch of leaked documents supposedly linked to the agency in fact reportedly belonged to Evolve Bank & Trust.

Responding to LockBit’s claim, Interior Minister Davor Bozinovic said Tuesday that he doesn’t want to reveal too much information obtained by the investigators, and added that he is not aware of a ransom demand having been made. 

Also on Tuesday, Health Minister Vili Beros said the government will not negotiate with hackers, who he said were likely “looking for money.”

He added that it was not clear if the hackers had stolen any information from Croatian citizens. 

“This will be established forensically and is being investigated by the competent institutions,” Beros said during a press conference. 

Croatia’s police and security services are currently investigating the incident. Prior to the attack on KBC Zagreb, the websites of several local state institutions, including the Ministry of Interior, the tax service, and the local stock exchange, were targeted by distributed denial-of-service (DDoS) attacks, rendering them inaccessible for several hours. Russia-linked hacker group NoName057(16) claimed responsibility for the attacks.

Deputy Prime Minister Tomo Medved said that Croatian institutions are grappling with a surge in cyberattacks, which began when Russia invaded Ukraine in 2022.

“We witness these attacks almost every day,” he said.

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
