Cyber Incident Victim: Poliklinika IPP
Date:
Mar 2021
Location:
Czechia
Summary
A cyberattack targeted three Prague-based polyclinics operated by Poliklinika IPP, disrupting email services and appointment scheduling systems, leading to operational interruptions. The clinics advised non-urgent patients to contact reception or use email while addressing the technical failure, though specific details on ransom demands were not disclosed by executives. Czech cybersecurity authorities confirmed investigating the incident, which was reportedly unrelated to contemporaneous Microsoft Exchange server vulnerabilities affecting other organizations. The attack reflects broader cybersecurity challenges within Czech healthcare, following prior incidents at multiple hospitals where significant investments in cyber defenses were identified as critically needed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around March 16, 2021, hackers breached the systems of Poliklinika IPP, a company operating three polyclinics in Prague, Czech Republic. The attack disrupted critical operational systems, including email services and the patient appointment ordering platform. Lenka Šmídová, the polyclinic’s executive director, confirmed the cyberattack but declined to disclose specifics, citing an active investigation and the involvement of the company’s owner in managing the response. She did not comment on whether the attackers issued a ransom demand. The Czech National Cyber and Information Security Agency (NÚKIB) acknowledged receiving an incident report and initiated a response, though spokesperson Jiří Táborský stated no further details would be released during the investigation. Initial assessments indicated the attack was unrelated to the widespread Microsoft Exchange Server vulnerabilities exploited in other Czech government and healthcare breaches earlier that year.
The polyclinics publicly acknowledged the incident through a website notice describing a "technical failure," advising non-urgent patients to contact reception desks or use email until systems were restored. The message explicitly referenced disruptions to appointment scheduling and apologized for operational complications. The attack occurred against a backdrop of escalating cyber threats targeting Czech healthcare providers, including prior incidents at Benešov Hospital, Ostrava University Hospital, Olomouc University Hospital, and Karlovy Vary Regional Hospital in 2020, as well as an unnamed small hospital earlier in 2021. A 2020 Ministry of Health survey of over 160 Czech hospitals had identified a critical need for cybersecurity investments exceeding four billion crowns (approximately $187 million USD) by 2023, underscoring systemic vulnerabilities in the sector. The Poliklinika IPP breach exemplified persistent risks to healthcare infrastructure, though the full scope of compromised data, exact attacker methodology, and financial or legal consequences remained undisclosed by authorities or the organization.