Cyber Incident Victim: Centre Hospitalier Régional Sambre et Meuse

On the morning of Friday, May 26, 2023, the Centre Hospitalier Régional Sambre et Meuse (CHRSM) was subjected to a cyberattack affecting both of its hospital sites. The attack was detected by the hospital's IT Department, which had an important team in place. This team was described as having been very reactive, immediately implementing emergency procedures that had been previously established in anticipation of such an event. A primary concern was preventing the propagation of the virus that had been implanted by the attackers. As a direct containment measure, all computer communications were deliberately severed. This decisive action resulted in an immediate and widespread impact on the hospital's operational capabilities. The entire staff lost access to their email systems, the hospital's wifi network was shut down, and numerous critical software applications became inaccessible.

The immediate consequence of these containment actions was a significant degradation of normal hospital processes, forcing a return to manual, paper-based operations. While the hospital's vital medical equipment, such as intensive care unit apparatus and dialysis machines, continued to function independently, the processes for communication and patient data management were severely interrupted. The hospital's director general, Stéphane Rillaerts, confirmed that the institution was working from backups that had been created preventatively, which allowed for a continued follow-up of patient files, albeit at a much slower pace. The hospital was forced to operate in a slowed-down state, relying on physical paper dossiers to maintain patient care continuity.

In response to the crisis, the entire medical staff mobilized to ensure the provision of quality services to all patients. Hospital management publicly stated that their teams were doing their utmost to achieve a return to normal operations as quickly as possible. A critical public communication effort was launched to manage patient flow and prevent further strain on the compromised systems. The hospital explicitly requested that patients not overload the telephone networks and advised them not to come to the hospital until further notice. This was essential to ensure that communication lines remained available for coordinating the emergency response and managing critical patient care.

All hospital activity had to be adapted. A process was established whereby each patient would be contacted personally to be informed whether their scheduled examination, surgery, or consultation would be held or postponed. Certain essential services were explicitly confirmed to remain operational despite the attack. The recently opened center for victims of sexual violence (CPVS) remained open 24 hours a day. The Assisted Reproductive Technology service also continued its ongoing patient follow-ups. Emergency care for life-threatening conditions and childbirths was assured, though the hospital strongly advised the public to avoid coming to the Emergency Department unless absolutely necessary.

To facilitate essential communication, the hospital published specific emergency contact numbers for each site, effectively creating a bypass around the disabled digital systems. For the Sambre site in Auvelais, the public was instructed to call 0493/28.29.06 and 071/77.16.71. For the Meuse site in Namur, the number 0493/28.96.08 was provided for general reception and 0492/19.33.60 for emergencies. The hospital's main website became a central hub for information, hosting a dedicated press section aggregating all articles and reports concerning the crisis, as well as a frequently asked questions (FAQ) page to address common patient concerns about visits and appointments. The IT team had already been able to identify the type of attack, though the specific identification was not disclosed in public communications. The incident continued to be managed with a focus on restoring systems and mitigating the impact on patient care, with the hospital later updating the public on its recovery progress through continued communications on its official channels.