Cyber Incident Victim: University Medical Center Groningen

On January 28, 2023, the University Medical Center Groningen (UMCG), one of the Netherlands’ largest hospitals, experienced a distributed denial-of-service (DDoS) attack that crashed its website. The attack occurred on a Saturday, disrupting normal online operations. The Dutch National Cyber Security Centre (NCSC) publicly attributed the incident on Wednesday, February 1, 2023, to the pro-Russian hacking group Killnet, citing the group’s stated intent to retaliate against countries supporting Ukraine. Killnet had previously announced plans to target approximately 31 hospitals across the Netherlands, though UMCG was the only confirmed Dutch healthcare facility affected. The attack flooded UMCG’s web infrastructure with excessive traffic, a hallmark of DDoS operations aimed at overwhelming systems. No data breaches or compromises of clinical systems were reported, with disruptions confined to website accessibility.

The NCSC confirmed that mitigation measures successfully contained the attack, limiting its operational impact on UMCG. Concurrently, Killnet reportedly targeted hospitals in other European nations, including the United Kingdom, Germany, Poland, and Scandinavia, as well as the United States, though specific institutions outside the Netherlands were not named. This incident followed a pattern of Killnet activity, including DDoS attacks against German airports, public administration systems, and financial institutions the preceding week. In November 2022, the same group had targeted the European Parliament website shortly after it designated Russia a state sponsor of terrorism. The NCSC emphasized the geopolitical motivation behind the attacks, linking them to Western support for Ukraine amid the ongoing conflict with Russia. No prolonged service interruptions or patient care disruptions at UMCG were documented following the mitigation.