Cyber Incident Victim: Ministry of Health Kuwait
Date:
Sep 2024
Location:
Kuwait
Summary
A cyberattack disrupted Kuwait's Ministry of Health, causing system outages at multiple hospitals and disabling the national Sahel healthcare app. The ministry restored operations at critical facilities—including the Kuwait Cancer Control center and health insurance management offices—using backups, while collaborating with security agencies to contain the breach and reinforce defenses. Essential databases were reportedly not accessed, but some systems required shutdowns for security updates. No ransomware group claimed responsibility, though Kuwait previously experienced attacks linked to Rhysida and Vice Society gangs. The incident underscores broader regional vulnerabilities in healthcare infrastructure amid rising global ransomware activity.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
A cyberattack targeting Kuwait’s Ministry of Health disrupted hospital operations and disabled the Sahel healthcare app, prompting a multi-phase recovery effort. The attack forced the ministry to take critical systems offline, including its public-facing website, which remained inaccessible days after the incident. Officials confirmed the attackers breached ministry networks but were prevented from accessing essential databases. To contain the intrusion, the ministry proactively shut down affected systems while collaborating with unspecified government security agencies to isolate the compromise and prevent lateral movement. Restoration efforts prioritized critical healthcare infrastructure: backups were deployed to recover systems at the Kuwait Cancer Control Center, as well as offices managing the national health insurance system and the expatriate medical check-up system. The ministry emphasized that basic and vital healthcare services continued uninterrupted at primary care centers and public hospitals through manual workarounds, though the Sahel app—a central platform for healthcare access—remained non-functional. No ransomware group claimed responsibility for the attack, contrasting with previous incidents against Kuwaiti entities like the 2023 Rhysida ransomware attack on the Ministry of Finance.
The incident impacted one of the Gulf region’s most advanced healthcare systems, serving over four million residents across 36 hospitals (20 public). While the ministry did not disclose the attack vector, its statement acknowledged identifying how the hackers infiltrated systems and emphasized post-incident security enhancements, including updates to breached systems before reactivation. Operational disruptions were mitigated by pre-existing backups, though the prolonged outage of the Sahel app indicated broader technical challenges. The ministry declined to specify a full recovery timeline but asserted systems would return “soon.” This attack occurred amid a global surge in ransomware activity, with 6,670 incidents documented in 2023—a 73% annual increase—affecting 117 countries. Kuwait’s repeated targeting by groups like Rhysida and Vice Society, which attacked Ikea Kuwait in 2022, underscores its vulnerability to coordinated cyber threats against critical infrastructure.