Cyber Incident Victim: Harapan Kita Hospital
Date: May 2017
Location: Indonesia
Summary
A ransomware attack impacted Harapan Kita Hospital in Jakarta, part of a broader global incident affecting multiple sectors including healthcare, automotive manufacturing, telecommunications, and government services. Cyber extortionists deployed malicious emails disguised as legitimate invoices, job offers, or security warnings to encrypt victims' data, demanding Bitcoin payments for decryption. The hospital faced operational disruptions alongside other prominent victims like Britain's NHS, which canceled patient treatments, and automotive plants that halted production. While some organizations contained infections through system reinstalls or internet disconnections, the attack caused widespread service interruptions across transportation networks, corporate operations, and educational institutions.
Description
On or around May 12, 2017, Harapan Kita Hospital in Jakarta, Indonesia, along with Dharmais Hospital, fell victim to a global ransomware campaign. The attack infiltrated hospital systems after employees received deceptive spam emails containing malicious attachments disguised as legitimate invoices, job offers, security warnings, or other routine documents. Upon opening these attachments, the ransomware encrypted files on the hospitals' computers, rendering critical data inaccessible. Attackers demanded a payment of $300 in Bitcoin to decrypt the files, displaying on-screen messages such as "Ooops, your files have been encrypted!" This incident occurred amid a coordinated wave of cyberattacks affecting organizations across multiple continents, leveraging exploits believed to have originated from leaked National Security Agency tools.

The ransomware severely disrupted hospital operations, though specific clinical impacts at Harapan Kita were not detailed in available reports. Globally, the attack affected over 45 NHS facilities in Britain—causing appointment cancellations—and halted production at Renault factories in France and Slovenia, Nissan's UK plant, and Sandvik industrial sites. Deutsche Bahn's passenger information displays, Russia's Interior Ministry computers, FedEx systems, and Telefonica's infrastructure were also compromised. Portugal Telecom experienced infections but avoided service disruptions, while Energias de Portugal preemptively severed internet access. Despite widespread encryption of administrative and production systems, many organizations like Telefonica initiated system reinstallation and containment procedures. No confirmation exists regarding whether Harapan Kita Hospital paid the ransom or restored operations via backups. The incident highlighted vulnerabilities in critical infrastructure sectors during an unprecedented cross-border cyber extortion campaign.
