No patient data was stolen during the attack on the Citrix servers of the Medical Center Leeuwarden (MCL), the hospital writes on Friday in an update on the website. The MCL closed the network on Wednesday because they had noticed that hackers were trying to break into the system.
The hackers made use of a vulnerability in the software of the American company Citrix during the hacking attempt. Citrix has been faced with a security vulnerability since December, making its customers vulnerable to hackers.
With Citrix software, companies or institutions can set up 'virtual desktops' that can be used from the cloud or a network. Employees can therefore log on to the servers at home.
In recent days, the MCL investigated the impact of the hacking attack. This shows that the hackers have not penetrated the hospital's internal systems and that they have not been given access to patient data.
Data traffic still shut down
The National Cyber Security Center (NCSC) advised all organizations using the Citrix software to thwart these servers on Thursday evening. The MCL will therefore keep the Citrix servers offline for the foreseeable future. "This means that this weekend patients cannot yet go to MijnMCL and employees of the MCL cannot work at home."
Today, several municipalities, such as Rotterdam and Haarlem, also made the choice to lay down the Citrix servers. The main reason for this is that employees cannot log into the internal network of the organizations from home. This has little or no implication for citizens.
January 20 Citrix comes with a security update to close the leak. The MCL then decides whether it is safe enough to re-open the systems. "The healthcare itself continues and is not hindered by the digital communication with the outside world," the hospital said.
See also: We know this about the vulnerability in Citrix systems