Czech cyber officials warn of serious threat to health care sector

It's the latest sign that malicious hackers aren’t holding off attacking health care facilities during the pandemic.
(Getty Images)

Cybersecurity authorities in the Czech Republic on Thursday warned the public about the threat of an “extensive campaign of cyberattacks” on IT systems and health care facilities that could be carried out in the coming days.

The Czech government’s main cybersecurity agency said a recent spearphishing campaign could indicate that “the preparatory phase of the attacks is already in progress.”

“The information available to us leads to a reasonable fear of the real threat of serious cyberattacks on major targets in the Czech Republic, but especially on healthcare systems, ” said Karel Řehka, director of the Czech National Cyber and Information Security Agency.

Under Czech law, the advisory issued by the cyber agency requires operators of critical infrastructure and major IT systems to heed the warning and take defensive measures. The agency is telling organizations to immediately create offline backups for their data and block remote internet access to systems whenever possible.


The Czech advisory is the latest sign that, while the novel coronavirus has strained health care systems around the world, some malicious hackers are trying to exploit the additional vulnerability.

“This appears to be a serious and credible impending attack,” said Beau Woods, a cyber safety innovation fellow at the Atlantic Council. “Attacks against Central and Eastern European countries can be leading indicators of future attacks elsewhere. U.S. organizations would do well to take action now without waiting for adversaries to begin targeting them.”

The U.S. State Department’s cyber diplomacy office shared the advisory on Twitter, adding that it “noted with concern” the threat facing the Czech Republic.

At least one of the malicious files in the Czech advisory is part of a batch of code used in a remote access hacking tool, which cybersecurity company SonicWall reported last month. The malware, whose files are named after COVID-19, renders a computer’s hard disk unusable. The code overwrites the master boot record, which tells a computer how to start up.

In March, the computer systems at the Czech Republic’s second largest hospital, which has conducted tests for the virus, were hit by a cyberattack. The attack forced the hospital to postpone some scheduled operations.


In response to cyberthreats to health care during the pandemic, cybersecurity specialists have formed a volunteer group to help protect facilities from hackers.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts