Brno University Hospital ransomware attack
A ransomware attack forced Brno University Hospital — one of Czechia's largest hospitals and a major COVID-19 testing centre — to shut down its entire IT network, cancel surgeries, and divert acute patients at the height of the early pandemic.
- Victim: Brno University Hospital (Fakultní nemocnice Brno)
On 13 March 2020, at the height of the early COVID-19 outbreak, a ransomware attack struck Brno University Hospital (Fakultní nemocnice Brno) — one of the Czech Republic's largest hospitals and home to one of the country's biggest coronavirus testing laboratories. The hospital was forced to shut down its entire IT network, an extraordinary disruption at the worst possible moment.
What happened
The infection reportedly began around 2 a.m. and was discovered at roughly 5 a.m. on Friday, 13 March 2020. Faced with spreading encryption, hospital staff made the decision to disconnect all computer networks to contain the malware. This precautionary shutdown — rather than the ransomware alone — drove much of the operational impact.
The Czech National Cyber and Information Security Agency (NÚKIB) confirmed the incident and worked with law enforcement and hospital staff to restore services. NÚKIB had, only days earlier, issued a warning about a rising wave of cyberattacks against Czech healthcare institutions during the pandemic.
Impact
- The hospital took its entire IT system offline, severing access to key clinical systems.
- Planned surgeries were postponed and acute patients were transferred to other facilities.
- Staff were unable to transfer data from critical clinical systems into the hospital's databases, slowing care.
- The disruption hit a facility running major COVID-19 testing operations just as the Czech Republic confronted the pandemic's first wave.
Context and response
The Brno attack arrived amid a broader pattern of ransomware targeting Czech hospitals — coming only months after the Benešov hospital was paralysed by Ryuk ransomware in December 2019. It crystallised fears that healthcare cyberattacks during a pandemic could cost lives, prompting international commentary on the urgent need for cyber norms protecting medical facilities.
The hospital recovered over the subsequent days and weeks, and NÚKIB escalated its warnings to the wider Czech health sector to harden defences against further intrusions.
Why it matters
Brno became an internationally cited example — featured in the CCDCOE Cyber Law Toolkit — of how ransomware against critical healthcare infrastructure during a public-health emergency can endanger patient safety. It underscored that the gravest consequence of a hospital ransomware attack is not data loss but the interruption of care, and it accelerated national and EU debate over protecting medical facilities from cyberattack, even in the absence of a confirmed ransom payment.
Timeline
- A ransomware infection, reportedly beginning around 2 a.m., is discovered at roughly 5 a.m.; the hospital decides to disconnect all computer networks.
- The hospital takes its entire IT system offline, postpones planned surgeries, and diverts acute patients to other facilities.
- The Czech National Cyber and Information Security Agency (NÚKIB) confirms the incident and begins coordinating the response with law enforcement.
- Recovery work proceeds over the following days and weeks as systems are progressively restored.
- The attack prompts NÚKIB to issue heightened cyberthreat warnings for the Czech healthcare sector during the pandemic.
Sources
- cyberlaw.ccdcoe.org: https://cyberlaw.ccdcoe.org/wiki/Brno_University_Hospital_ransomware_attack_(2020)
- healthcareitnews.com: https://www.healthcareitnews.com/news/emea/cyberattack-czech-hospital-forces-tech-shutdown-during-coronavirus-outbreak
- securitymagazine.com: https://www.securitymagazine.com/articles/91921-brno-university-hospital-in-czech-republic-suffers-cyberattack-during-covid-19-outbreak
- borncity.com: https://borncity.com/win/2020/03/14/ransomware-infection-in-czech-university-hospital-of-brno/