CHC MontLégia

CHC MontLégia is a healthcare provider located in Liège, Belgium, operating as a hospital that delivers a range of medical services to the local population. It provides both inpatient and outpatient care, including specialist consultations, diagnostic imaging, and surgical interventions. The facility supports general practitioners through a dedicated web portal that allows them to access patient information and coordinate care. Patients can schedule appointments online via the hospital’s digital platform, which integrates with its internal clinical systems. The hospital’s services are designed to ensure continuity of care, and its internal systems remained operational even during periods of external network isolation. This description is based on the organisation's role as a healthcare provider and the details mentioned in the reported cyber incidents.

In November 2022, CHC MontLégia experienced a suspected cyber intrusion that prompted the immediate isolation of its IT systems from external connections, triggering a “red phase” status. The isolation prevented online appointment scheduling and blocked general practitioners’ access to their web portal, forcing the hospital to rely on telephone‑based services for approximately three months. A second incident, reported as a cyberattack on 1 November 2022, caused prolonged IT system downtime, with critical infrastructure remaining offline for several months and necessitating extended recovery efforts. Throughout both episodes, the organisation maintained emergency protocols and aimed to transition to an “orange phase” after implementing security enhancements that would allow gradual restoration of select external services.

The incidents highlighted CHC MontLégia’s focus on maintaining patient safety and care continuity despite significant digital disruption, demonstrating a resilient operational model that prioritises essential clinical functions over non‑essential online services. Its response strategy, which included phased containment objectives and a clear communication of status phases, reflects a structured approach to cyber incident management within the healthcare sector. The organisation’s experience also underscores the broader vulnerability of healthcare infrastructure to prolonged cyber incidents, positioning it as a case study for sector‑wide discussions on improving resilience and recovery capabilities. No additional information about ownership, parent organisations, or specific size metrics is available in the provided sources.