Belgian Hospitals and Organizations Hit by Supply Chain Data Breaches
Security firm Secutec uncovered a series of data breaches affecting at least five Belgian hospitals and additional commercial and government entities, exposing over 72,000 personal and login credentials on the darknet. The incidents stemmed from cyberattacks on third-party suppliers, including a patient registration software provider used by the hospitals and a separate IT supplier linked to other organizations.
The investigation began after the AZ Monica hospital in Antwerp fell victim to a cyberattack, leading Secutec’s security team to identify four more healthcare institutions using the same compromised software. A second breach at an IT supplier exposed an additional 1,000 login details from non-healthcare organizations.
Secutec CEO Geert Baudewijns highlighted that while Belgian hospitals maintain robust cybersecurity measures, vulnerabilities often originate from external suppliers. The European NIS2 directive, effective in Belgium since October 2024, now mandates third-party security audits to address these risks. Baudewijns noted that password-stealing malware, often installed unintentionally by IT personnel with admin privileges, poses a threat equal to that of unpatched vulnerabilities.
Following the discovery, Secutec alerted the Cybersecurity Center Belgium and the affected hospitals, recommending password resets, backup system testing, and network scans to detect further intrusions. The incidents underscore the growing risk of supply chain attacks and the need for stricter oversight of third-party vendors.
Source: https://www.techzine.eu/news/security/137956/five-belgian-hospitals-affected-by-data-breach/
Secutec cybersecurity rating report: https://www.rankiteo.com/company/secutec
"id": "SECSEC1768801314",
"linkid": "secutec, secutec",
"type": "Breach",
"date": "10/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Healthcare',
'location': 'Antwerp, Belgium',
'name': 'AZ Monica hospital',
'type': 'Hospital'},
{'industry': 'Healthcare',
'location': 'Belgium',
'type': 'Hospitals (4 additional)'},
{'customers_affected': '1,000 login details exposed',
'industry': 'Various',
'location': 'Belgium',
'type': 'Commercial and government entities'}],
'attack_vector': 'Third-party suppliers, Password-stealing malware',
'data_breach': {'data_exfiltration': 'Exposed on the darknet',
'number_of_records_exposed': 'Over 72,000 (71,000+ from '
'hospitals, 1,000 from other '
'organizations)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personally identifiable '
'information)',
'type_of_data_compromised': 'Personal and login credentials'},
'description': 'Security firm Secutec uncovered a series of data breaches '
'affecting at least five Belgian hospitals and additional '
'commercial and government entities, exposing over 72,000 '
'personal and login credentials on the darknet. The incidents '
'stemmed from cyberattacks on third-party suppliers, including '
'a patient registration software provider used by the '
'hospitals and a separate IT supplier linked to other '
'organizations.',
'impact': {'brand_reputation_impact': 'Potential brand reputation impact due '
'to data exposure',
'data_compromised': 'Over 72,000 personal and login credentials',
'identity_theft_risk': 'High',
'systems_affected': 'Patient registration software, IT supplier '
'systems'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (personal and login '
'credentials)',
'entry_point': 'Third-party suppliers (patient '
'registration software provider, IT '
'supplier)'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Vulnerabilities often originate from external suppliers, '
'necessitating stricter third-party security audits. '
'Password-stealing malware poses a significant threat when '
'installed unintentionally by IT personnel.',
'post_incident_analysis': {'corrective_actions': 'Third-party security '
'audits, password resets, '
'backup system testing, '
'network scans',
'root_causes': 'Cyberattacks on third-party '
'suppliers, unintentional '
'installation of password-stealing '
'malware by IT personnel'},
'recommendations': 'Implement stricter oversight of third-party vendors, '
'enforce third-party security audits, conduct regular '
'password resets, test backup systems, and perform network '
'scans to detect intrusions.',
'references': [{'source': 'Secutec'}],
'regulatory_compliance': {'regulations_violated': 'Potential NIS2 directive '
'violations (effective '
'October 2024)'},
'response': {'communication_strategy': 'Alerts to affected hospitals and '
'organizations',
'containment_measures': 'Password resets, Network scans to '
'detect further intrusions',
'law_enforcement_notified': 'Cybersecurity Center Belgium',
'remediation_measures': 'Backup system testing',
'third_party_assistance': 'Secutec'},
'stakeholder_advisories': 'Cybersecurity Center Belgium and affected '
'hospitals notified',
'title': 'Belgian Hospitals and Organizations Hit by Supply Chain Data '
'Breaches',
'type': 'Supply Chain Attack, Data Breach',
'vulnerability_exploited': 'Unpatched vulnerabilities, Unintentional '
'installation of malware by IT personnel with '
'admin privileges'}