LockBit claims cyberattack on Croatia’s largest hospital

The LockBit ransomware gang has claimed responsibility for a cyberattack on Croatia’s largest hospital, which forced it to shut down IT systems for a day. The group claims to have gained access to patient and employee information, medical records, organ and donor data and contracts signed with external companies.

The University Hospital Centre in Zagreb, known as KBC Zagreb, suffered the attack last week. More than 100 specialists worked to restore the systems in the aftermath.

According to local media reports, the incident slowed down the work of emergency services, forcing the hospital to send patients to other institutions in Zagreb. The attack “took us back 50 years — to paper and pencil,” said Milivoj Novak, assistant director for health care quality and supervision of KBC Zagreb.

“All tests can be done to some extent, but the radiological system, which is particularly dependent on information support, is perhaps the most severely affected,” said Ivan Gornik, head of the unified emergency hospital admission at KBC Zagreb, which serves about 10,000 people daily.

LockBit’s operations were disrupted in February in an international operation but the group has since resurfaced. 

Its claims have often proven unreliable. It recently claimed to have breached the U.S. Federal Reserve, but an initial batch of leaked documents supposedly linked to the agency in fact reportedly belonged to Evolve Bank & Trust.

Responding to LockBit’s claim, Interior Minister Davor Bozinovic said Tuesday that he doesn’t want to reveal too much information obtained by the investigators, and added that he is not aware of a ransom demand having been made. 

Also on Tuesday, Health Minister Vili Beros said the government will not negotiate with hackers, who he said were likely “looking for money.”

He added that it was not clear if the hackers had stolen any information from Croatian citizens. 

“This will be established forensically and is being investigated by the competent institutions,” Beros said during a press conference. 

Croatia’s police and security services are currently investigating the incident. Prior to the attack on KBC Zagreb, the websites of several local state institutions, including the Ministry of Interior, the tax service, and the local stock exchange, were targeted by distributed denial-of-service (DDoS) attacks, rendering them inaccessible for several hours. Russia-linked hacker group NoName057(16) claimed responsibility for the attacks.

Deputy Prime Minister Tomo Medved said that Croatian institutions are grappling with a surge in cyberattacks, which began when Russia invaded Ukraine in 2022.

“We witness these attacks almost every day,” he said.


Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
