Hospitals and other healthcare institutions, beware of ransomware!

While the entire Netherlands stands in support of healthcare during these challenging times, there are unfortunately individuals who want to take advantage of the situation. We are seeing cybercriminals deliberately targeting hospitals that are tirelessly combating the coronavirus. They are counting on hospitals having less focus on their information security during these busy times, making them vulnerable.


Over the past two weeks, several hospitals in countries like Spain and the Czech Republic have fallen victim to ransomware attacks. These were the very hospitals heavily involved in fighting the coronavirus and treating infected patients. Therefore, this is a real risk for Dutch hospitals and healthcare institutions as well. In these busy times, try to remain vigilant about your information security and keep your staff informed. What should you be on the lookout for?

Characteristics of this ransomware:

The hospitals affected by this ransomware all received phishing emails with the subject "Information Covid-19." The email attachments contained a document supposedly with Covid-19 information. Opening this document results in a ransomware infection that encrypts all your files. Subsequently, a ransom must be paid to regain access to your files. Read on for detailed technical information about this attack.

Criminals attempt to send this email to as many hospital employees as possible, hoping to catch an inattentive (overtired) staff member.

What can you do?

What can you do to protect yourself from this? You were likely already aware of the risk of malware attacks and had taken some precautions. Still, take a look at the following list of measures:

  • Inform your staff and make them aware of the risk.
  • Stay vigilant about timely installations of updates (Windows, antivirus software, etc.).
  • Use secure, complex passwords.
  • Limit user rights for employees, if possible.
  • Remain vigilant about digital messages from external sources. If you're unsure, report it immediately to your IT department, even if you have doubts.

If you need the assistance of an expert, don't hesitate to contact us!

Related Insights