Cyber Incident Victim: CHwapi hospital

On January 17, 2021, at 8:46 PM, the CHwapi hospital center in Tournai, Belgium, experienced a ransomware attack affecting its computer systems. The incident disrupted 80 of the hospital’s 300 servers, compromising access to critical patient admission data and forcing staff to revert to paper-based records for operational continuity. Hospital management confirmed no ransom demand was issued by the attackers, and no data theft occurred during the breach. The immediate operational impact included the cancellation of approximately 100 non-urgent surgeries scheduled for January 18, though most outpatient consultations proceeded as planned. Affected patients received notifications via text messages or phone calls regarding appointment cancellations. The hospital maintained emergency services throughout the incident, prioritizing urgent care despite the IT infrastructure compromise.

The attack occurred amid a broader pattern of ransomware incidents targeting European healthcare and municipal entities. CHwapi became the second hospital publicly reported as compromised within a month, following the December 2020 attack on France’s Center Hospitalier Albertville-Moûtiers. Concurrently, the French city of Angers faced similar disruptions, though no confirmed link existed between these incidents or attribution to specific threat actors. CHwapi’s response focused on containment through manual processes while assessing system damage, with no public disclosure of recovery timelines or technical remediation steps. Operational disruptions remained confined to non-emergency services, reflecting the hospital’s contingency planning for critical care continuity during cyber incidents.