Cyber Incident Victim: CHC MontLégia
Date:
Nov 2022
Location:
Belgium
Summary
A healthcare provider detected a suspected cyber intrusion, prompting immediate protective measures including complete isolation of its IT systems from external connections. This disruption prevented online appointment scheduling for patients and blocked general practitioners' access to their dedicated web portal, forcing reliance on phone-based services for three months. Internal systems remained operational, ensuring continuity and safety of care despite the isolation. The organization maintained a "red phase" status with full containment but aimed to transition to an "orange phase" after security enhancements, which would allow gradual restoration of select external services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 18, 2022, Groupe santé CHC, a Liège-based hospital network operating five clinics, nine medical centers, and eight elderly care residences, detected a suspicious intrusion into its IT systems. The organization immediately implemented preventive protective measures by severing all external network connections—a containment action that remained in effect at the time of reporting. This isolation strategy confined the incident internally while maintaining core system functionality. The hospital group emphasized care continuity and patient safety were unaffected despite the operational disruption.
The containment measures significantly impacted patient services and medical workflows for at least three months. Online appointment booking systems became inaccessible, forcing patients to schedule exclusively via telephone. General practitioners lost access to a dedicated web portal normally used for clinical coordination. While internal systems remained operational under the "red phase" lockdown, the organization planned a transition to "orange phase" status contingent upon security enhancements. This next phase would permit gradual restoration of external-facing services, though no timeline was disclosed. The hospital declined to provide further incident details or current status updates, citing security considerations.