The Medical Center Leeuwarden (MCL) has become the target of a hacking attempt, the hospital reports on its website on Wednesday. After the attack was discovered on Tuesday evening, the MCL cut off the internal network from the outside world. Whether the hacking attempt has been successful is as yet unclear. The internal investigation into this is still ongoing.
The precautionary measure means that patients cannot access their electronic patient file. The MCL also cannot exchange data with other hospitals and staff cannot work from home.
Doctors, nurses and other medical staff can access the electronic patient files in the MCL, spokesperson Frits Mostert told NU.nl. "In that regard, the course of events is like any other day."
The MCL suspects that the hacking attempt is related to a vulnerability in the servers of the American supplier Citrix. It was announced on Sunday that at least 713 servers are at risk in the Netherlands. The National Cyber Security Center (NCSC) warned that the leak was being actively attacked.
Security researcher Matthijs Koot, who works at Secura and as a researcher at the University of Amsterdam, told NU.nl on Monday that hospitals, but also ministries and mental healthcare institutions are at risk. He called the vulnerability a "very big problem with great urgency".
Although Koot could not say anything about the organizations at risk on Monday, he confirmed to NU.nl that the MCL was susceptible to abuse of the Citrix vulnerability. Whether that also means that hackers actually made use of this vulnerability in their attack attempt is not yet known.
Citrix expects to offer an update at the end of January
Citrix expects to be able to offer an update on January 20 at the earliest that removes the vulnerability. For certain versions of the firmware (software programmed in hardware), an update may take a few days longer.
Koot carried out another scan on Wednesday morning, which showed that the number of vulnerable systems in the Netherlands that are still connected to the internet has fallen to at least 240 of the more than 700 servers. He makes the comment that his scan is not fully comprehensive. The actual number can therefore be higher.
It is unclear how long the MCL network will remain disconnected from the outside world.