
Cyber Incident Victim: Sint-Andriesziekenhuis

Date: Jan 2022

Location: Belgium

Summary

A cyberattack targeted Sint-Andriesziekenhuis, with external software providers detecting malware installed on its network during routine monitoring. The hospital promptly engaged specialists to contain the incident, successfully isolating and removing the malware from a single affected server, which was subsequently scheduled for replacement to restore remote work capabilities for staff and physicians. Forensic analysis confirmed no remaining malware or compromise of confidential data, with patient care and hospital operations continuing uninterrupted throughout the incident.


Description

On January 26, 2022, Sint-Andriesziekenhuis experienced a cyberattack when its external software vendor identified unauthorized malware installation on the hospital network through continuous monitoring systems. The hospital immediately activated a specialized external response team alongside internal IT staff to investigate and contain the incident. Their coordinated efforts successfully prevented operational impacts by rapidly isolating the compromised server, which was disconnected from the network within hours of detection. Forensic analysis confirmed the malware’s presence was limited to this single server, with no evidence of lateral movement to other systems. No confidential patient or operational data was exposed during the incident, as security protocols maintained information protection throughout the event. Hospital operations continued uninterrupted, with all patient examinations, treatments, and consultations proceeding as scheduled without delays or cancellations.

The containment strategy focused on replacing the affected server, scheduled for completion the following week to restore remote work capabilities for staff and enable physicians to securely access hospital systems during telehealth consultations. Post-incident forensic examinations verified the complete eradication of malware from all network infrastructure, declaring the environment secure. The hospital confirmed no residual threats remained and maintained normal clinical operations throughout the response period. Technical recovery efforts prioritized reinstating remote access functionality while preserving uninterrupted patient care delivery across all departments. No data exfiltration or encryption by attackers was observed, with systems returning to full operational capacity following server replacement.
