Ransomware Hits Maastricht University, All Systems Taken Down
Maastricht University (UM) announced that almost all of its Windows systems have been encrypted by ransomware following a cyber-attack that took place on Monday, December 23.
UM is a university from the Netherlands with over 18,000 students, 4,400 employees, and 70,000 alumni, UM being placed in the top 500 universities in the world by five ranking tables in the last two years.
"Maastricht University (UM) has been hit by a serious cyber attack," the university announced on Christmas Eve, December 24.
"Almost all Windows systems have been affected and it is particularly difficult to use e-mail services. UM is currently working on a solution."
It is currently unknown if scientific data was also accessed or exfiltrated by the attackers during the attack, prior to the systems getting encrypted with the yet unnamed ransomware strain.
"Extra security measures have been taken to protect (scientific) data. UM is investigating if the cyber attackers have had access to this data. - UM
All systems shut down temporarily
In an update published today, UM says that all the university's systems have been taken down as a precautionary measure during investigations.
"In order to work as safely as possible, UM has temporarily taken all of its systems offline," the update says. "Everything is aimed at giving students and employees access to the systems as soon as possible, possibly in phases."
However, seeing that the attack affected a vast majority of UM's computing systems, the amount of time needed to restore all the impacted computers is not yet possible to estimate.
"For the same reason, it is not possible to state with absolute certainty, which systems have been affected and which have not," UM adds. "This requires additional investigation."
"The Executive Board and the deans of the faculties deeply regret the inconvenience this is causing for both students and staff. In the days to come, they want to see in what way students and staff who are experiencing problems due to this situation can be accommodated. - UM"
At this time, UM's IT staff and external security specialists are working on repairing the affected systems and are also running a forensic investigation of the cyber-attack. The attack has also been reported to law enforcement as required by regulations in the Netherlands.
According to UM, the main focus right now is to make sure that the university's systems will be protected in the event of a future attack.
UM also says that employees and students can reach out to the ICT Servicedesk with questions related to the attack by sending an e-mail at [email protected] using their private e-mails or by calling 043 38 85 101 today during office hours.
BleepingComputer asked Maastricht University for comment and for extra details regarding the ransomware attack but did not hear back at the time of publication.
"Update December 30, 10:07 EST: UM says in a new update that "education at UM can be resumed on January 6. Some important systems that are required for this will be available online again from 2 January."
This primarily concerns information systems for students that are used for scheduling (inspection only), study materials (Blackboard / ELEUM) and the UM Student Portal as well. Availability does involve more limited functionality.
Students will also have to change all their passwords from an external location, outside the UM WiFi network."
Source: https://www.bleepingcomputer.com/news/security/ransomware-hits-maastricht-university-all-systems-taken-down/
Also social security numbers and medical data in stolen safe Travel Insurer Allianz Netherlands
In some cases, the safe of travel insurer Allianz Global Assistance, which was stolen in September, also had citizen service numbers (BSNs) and medical data, a spokesperson told. Customers were informed about this earlier this week. It is unclear exactly how many customers were affected.
In September it was announced that a vault containing back-ups had been stolen. It contained tapes on which breakdown assistance or travel insurance policies were stored. The tapes cannot be read without special equipment that, according to Allianz, was not present in the safe.
It was previously known that on the tapes were names, addresses, places of residence and in some cases bank account numbers or license plates of the Allianz customers. Earlier this month, the travel insurer also informed customers of whom medical data or citizen service numbers may have been stored on the tapes.
Customers have been informed in groups in recent months, the spokesperson said. "If breakdown assistance involved an injury, the correspondence about it was also stored. This may include the medical details or social security numbers."
No indications for misuse of data
Allianz has no indications that the personal data have been misused. Nevertheless, the insurer warned earlier that customers should be vigilant for possible fraud.
Exactly how many customers were affected is unclear. In October, Allianz estimated the number of affected customers at a maximum of 2.3 million . It must become clear in how large the group is.
Source: https://www.nu.nl/tech/6017106/ook-bsns-en-medische-gegevens-in-gestolen-kluis-reisverzekeraar-allianz.html
Problems for patients due to a dispute with the Parnassia healthcare institution and VGZ insurer
Thousands of people who need psychological or addiction care in the The Hague and Rotterdam region, are in danger of not being helped for the time being. The reason is a financial conflict between Parnassia Group and health insurer VGZ. On Tuesday they have they have a meeting with the Dutch Healthcare Authority (NZA).
Parnassia, a large mental healthcare institution in our region, writes on its own site: 'Parnassia Groep has had to take the very difficult decision to stop treating people aged 18 and older who are insured with VGZ or one of its brands. " The patient stop does not apply to people in crisis or in case of forced admission. Even people who are already being treated do not have to fear for the reimbursements. There are 900 VGZ insured persons on the Parnassia waiting list in Haaglanden.
Healthcare institutions and insurers make healthcare agreements based on previous years. This is about how many patients the healthcare institution may treat and what that treatment may cost . Once that amount has been reached, the insurer will no longer reimburse and the healthcare institution should treat patients free of charge from that moment. That is precisely where the conflict between Parnassia and VGZ lies. In 2018 and 2019, Parnassia still wants a reimbursement for the actual number of treatments. Parnassia claims to have carried out a thousand extra treatments in the The Hague and Rotterdam regions that are not reimbursed. This would involve an amount of sixteen million euros. Negotiations between the two parties have been going on since last summer.
"Right to best care"
So there has been a conflict between Parnassia and VGZ in recent years. But even before 2020 there is no contract yet. VGZ wants to use care mediation to refer patients to other providers of mental health care. According to Parnassia, this is undesirable: 'The insurer thereby ignores its duty of care. People who are insured with VGZ have the right to choose the healthcare institution of their choice. Instead, they can now only go to an organization where money is still available for their treatment. "
The chairman of Parnassia's board is angry about this: "She (VGZ, ed.) Thinks from budgets and not from the people who are insured with VGZ and are entitled to the best care." The health insurance company has not yet responded.
'Suitable solution'
Parnassia and VGZ must meet with the Dutch Healthcare Authority. "We want clear and joint communication to patients and policyholders," says spokesperson Erik Bloem from the NZa. 'That is not the case now. In addition, we want a suitable solution for all patients who cannot go to Parnassia now. "
In a tweet, the healthcare authority adds that patients do not have to worry.
Patients always have the right to care. As long as a patient has not yet had an intake at a health care institution, the insurance is obligatory and a place must be provided. As soon as the patient is being treated, the duty of care lies with the practitioner.
Source: https://www.omroepwest.nl/nieuws/3973728/Patienten-tussen-wal-en-schip-door-ruzie-zorginstelling-Parnassia-en-verzekeraar-VGZ
Thousands of billboards at NS stations empty, possible claims of tens of millions
By order of the court, NS had to empty the advertising columns at most of the train stations. It concerns five thousand columns at three hundred stations. Possible claims of 50 million euros or more.
Train travelers will noticed that the train stations have been slightly different since last week. After all, there are hardly any advertisements anymore on the platforms. Due to a recent ruling by the Arnhem-Leeuwarden Court of Appeal, around five thousand bus stations have been vacant at three hundred stations since December 1 And that will certainly remain so for weeks.
The cause is that JCDecaux has gone to court. According to JCDecaux, who is also active in the Netherlands, NS Stations should have publicly tendered the contract with competitors ExterionMedia from 2011 to 2027 based on European rules. The same applied to the contract concluded with Ngage Media in 2015, according to the operator. After years of proceedings, the Arnhem-Leeuwarden Court of Appeal ruled in favor of JCDecaux (largely) on 1 October. According to the Court, NS should have spent on it and JCDecaux has 'a cross-border interest' here.
Compensation
The ruling meant that NS had to terminate both contracts and that JCDecaux received compensation. The amount has yet to be determined. It is clear that the amounts involved are substantial. According to JCDecaux, the contract between NS and ExterionMedia is worth 155 million euros.
ExterionMedia speaks of 50 million euros. The court of justice assumes that the value of concession is at least between 50 and 100 million euros. The contract with Ngage is considerably smaller at € 15.7 million.
It does not stop there for NS. The railways must give JCDecaux further insight into the contracts concluded with ExterionMedia and Ngage, the Court ordered. This allows the operator to calculate his damage.
Abri's remain empty
NS announces that it still has to decide whether the cassation should be registered. In the meantime, it complies with the court decision. The contracts have been terminated and there will be a new tendering procedure that is currently being started. "The shelters will certainly remain empty for several weeks," says an NS spokesperson.
For the time being, the railways are considering filling the empty columns partly with passenger information and the new timetable.
Source: https://www.tubantia.nl/binnenland/duizenden-reclameborden-op-ns-stations-leeg-strop-van-tientallen-miljoenen-dreigt~a739fb96/
Emergency Department 270 hours closed due to IT failure
More and more often the patient is the victim of a failure in the information technology (IT) of hospitals. This causes the patient to experience delays in the primary care process. The outpatient clinic and operating rooms close their doors, an admission stop applies and ambulances have to take expensive and possible life-saving minutes to the next hospital due to the closure of the Emergency Department. This is one of the scenarios that have taken place in the past year.
In 2019, 13 hospitals made the regional and national news with a major IT outage. Recently the Amphia Hospital . The result: long waiting times for the patient. Eight hospitals postponed multiple operations and the SEH closed at three hospitals. The number of news items from 2019 is equal to the number of news items in 2018, when five hospitals postponed their operations and the emergency room closed at four hospitals.
The number of IT disruptions is growing steadily
Looking back over the past decades, there are more than 65 news items to be found. An analysis of these news items shows that 37 hospitals postponed hundreds of operations and that the emergency room was closed 20 times. The outpatient clinic closed in 18 cases. In the past decades, a disruption lasted on average (median) for about five hours with peaks of up to five days (16-03-2010, aZM). For the patient, this means that the emergency room and operating rooms have not been available for at least 270 hours and 255 hours in the past decades, a number that seems to be increasing every year.
In most cases the cause is a failure in the underlying I (C) T infrastructure, as a result of which systems such as the electronic patient file (EPD) are temporarily unavailable.
Paperless Hospital
In recent decades it has been a trend among administrators to pursue a paperless hospital. For example, the Westfriesgasthuis in Hoorn (now part of the Dijklander hospital) claims in 2011 to be "the first hospital in the Netherlands where patient information is kept completely paperless". A large number of hospitals have a similar ambition .
This trend is reinforced by popular 'adoption models' such as the Electronic Medical Record Adoption Model (EMRAM) from HIMSS Analytics. This model indicates the degree of digitization. Level 7 means that the patient file (including results, documents and medical images) is completely digital and that the hospital analyzes this data to further digitize and improve healthcare.
The consequence of this digitization trend is that a hospital has become entirely dependent on IT. An IT outage has the same effect as an outage in the utilities such as electricity and water .
Complexity of IT
In addition to the digitization trend, the complexity of IT within hospitals is also increasing. A hospital has an average of 300 care and business support applications, central data exchange and links from and to the various subsystems. Many of these systems have a dependence on each other and also run on different (version) operating systems.
Some of the systems used may also be outdated because, for example, the supplier no longer exists or does not issue updates, and the application is necessary for the primary process. The information that the applications process with each other is enormous and is used throughout the hospital, from direct patient care, invoicing to strategic (organizational) decisions.
Solution not easy
Due to the increasing complexity of IT, a solution is not easily available. An incident cannot be completely ruled out due to both human and technical failure. Good backup and emergency facilities is therefore a must. It is important that hospitals prepare well for a possible large-scale IT failure. This is possible, for example, by simulating a large-scale IT failure annually. For (BHV) fire exercises and other calamities this is common, but not always for IT.
To reduce the complexity of IT, gaining insight into the entire information provision is important. What is the hospital policy. How are primary (care) processes and which information flows and their processing applications belong to them? How is the underlying infrastructure implemented?
By answering these questions, insight is gained into the provision of information. Dependencies between application, information and the primary (care) processes are therefore easy to identify, as well as any bottlenecks and risk areas. These insights make it possible to identify and reduce potential IT failures.
Source: https://www.icthealth.nl/blog/automatische-concepten-it-storing/96/
Maastricht University (UM) announced that almost all of its Windows systems have been encrypted by ransomware following a cyber-attack that took place on Monday, December 23.
UM is a university from the Netherlands with over 18,000 students, 4,400 employees, and 70,000 alumni, UM being placed in the top 500 universities in the world by five ranking tables in the last two years.
"Maastricht University (UM) has been hit by a serious cyber attack," the university announced on Christmas Eve, December 24.
"Almost all Windows systems have been affected and it is particularly difficult to use e-mail services. UM is currently working on a solution."
It is currently unknown if scientific data was also accessed or exfiltrated by the attackers during the attack, prior to the systems getting encrypted with the yet unnamed ransomware strain.
"Extra security measures have been taken to protect (scientific) data. UM is investigating if the cyber attackers have had access to this data. - UM
All systems shut down temporarily
In an update published today, UM says that all the university's systems have been taken down as a precautionary measure during investigations.
"In order to work as safely as possible, UM has temporarily taken all of its systems offline," the update says. "Everything is aimed at giving students and employees access to the systems as soon as possible, possibly in phases."
However, seeing that the attack affected a vast majority of UM's computing systems, the amount of time needed to restore all the impacted computers is not yet possible to estimate.
"For the same reason, it is not possible to state with absolute certainty, which systems have been affected and which have not," UM adds. "This requires additional investigation."
"The Executive Board and the deans of the faculties deeply regret the inconvenience this is causing for both students and staff. In the days to come, they want to see in what way students and staff who are experiencing problems due to this situation can be accommodated. - UM"
At this time, UM's IT staff and external security specialists are working on repairing the affected systems and are also running a forensic investigation of the cyber-attack. The attack has also been reported to law enforcement as required by regulations in the Netherlands.
According to UM, the main focus right now is to make sure that the university's systems will be protected in the event of a future attack.
UM also says that employees and students can reach out to the ICT Servicedesk with questions related to the attack by sending an e-mail at [email protected] using their private e-mails or by calling 043 38 85 101 today during office hours.
BleepingComputer asked Maastricht University for comment and for extra details regarding the ransomware attack but did not hear back at the time of publication.
"Update December 30, 10:07 EST: UM says in a new update that "education at UM can be resumed on January 6. Some important systems that are required for this will be available online again from 2 January."
This primarily concerns information systems for students that are used for scheduling (inspection only), study materials (Blackboard / ELEUM) and the UM Student Portal as well. Availability does involve more limited functionality.
Students will also have to change all their passwords from an external location, outside the UM WiFi network."
Source: https://www.bleepingcomputer.com/news/security/ransomware-hits-maastricht-university-all-systems-taken-down/
Also social security numbers and medical data in stolen safe Travel Insurer Allianz Netherlands
In some cases, the safe of travel insurer Allianz Global Assistance, which was stolen in September, also had citizen service numbers (BSNs) and medical data, a spokesperson told. Customers were informed about this earlier this week. It is unclear exactly how many customers were affected.
In September it was announced that a vault containing back-ups had been stolen. It contained tapes on which breakdown assistance or travel insurance policies were stored. The tapes cannot be read without special equipment that, according to Allianz, was not present in the safe.
It was previously known that on the tapes were names, addresses, places of residence and in some cases bank account numbers or license plates of the Allianz customers. Earlier this month, the travel insurer also informed customers of whom medical data or citizen service numbers may have been stored on the tapes.
Customers have been informed in groups in recent months, the spokesperson said. "If breakdown assistance involved an injury, the correspondence about it was also stored. This may include the medical details or social security numbers."
No indications for misuse of data
Allianz has no indications that the personal data have been misused. Nevertheless, the insurer warned earlier that customers should be vigilant for possible fraud.
Exactly how many customers were affected is unclear. In October, Allianz estimated the number of affected customers at a maximum of 2.3 million . It must become clear in how large the group is.
Source: https://www.nu.nl/tech/6017106/ook-bsns-en-medische-gegevens-in-gestolen-kluis-reisverzekeraar-allianz.html
Problems for patients due to a dispute with the Parnassia healthcare institution and VGZ insurer
Thousands of people who need psychological or addiction care in the The Hague and Rotterdam region, are in danger of not being helped for the time being. The reason is a financial conflict between Parnassia Group and health insurer VGZ. On Tuesday they have they have a meeting with the Dutch Healthcare Authority (NZA).
Parnassia, a large mental healthcare institution in our region, writes on its own site: 'Parnassia Groep has had to take the very difficult decision to stop treating people aged 18 and older who are insured with VGZ or one of its brands. " The patient stop does not apply to people in crisis or in case of forced admission. Even people who are already being treated do not have to fear for the reimbursements. There are 900 VGZ insured persons on the Parnassia waiting list in Haaglanden.
Healthcare institutions and insurers make healthcare agreements based on previous years. This is about how many patients the healthcare institution may treat and what that treatment may cost . Once that amount has been reached, the insurer will no longer reimburse and the healthcare institution should treat patients free of charge from that moment. That is precisely where the conflict between Parnassia and VGZ lies. In 2018 and 2019, Parnassia still wants a reimbursement for the actual number of treatments. Parnassia claims to have carried out a thousand extra treatments in the The Hague and Rotterdam regions that are not reimbursed. This would involve an amount of sixteen million euros. Negotiations between the two parties have been going on since last summer.
"Right to best care"
So there has been a conflict between Parnassia and VGZ in recent years. But even before 2020 there is no contract yet. VGZ wants to use care mediation to refer patients to other providers of mental health care. According to Parnassia, this is undesirable: 'The insurer thereby ignores its duty of care. People who are insured with VGZ have the right to choose the healthcare institution of their choice. Instead, they can now only go to an organization where money is still available for their treatment. "
The chairman of Parnassia's board is angry about this: "She (VGZ, ed.) Thinks from budgets and not from the people who are insured with VGZ and are entitled to the best care." The health insurance company has not yet responded.
'Suitable solution'
Parnassia and VGZ must meet with the Dutch Healthcare Authority. "We want clear and joint communication to patients and policyholders," says spokesperson Erik Bloem from the NZa. 'That is not the case now. In addition, we want a suitable solution for all patients who cannot go to Parnassia now. "
In a tweet, the healthcare authority adds that patients do not have to worry.
Patients always have the right to care. As long as a patient has not yet had an intake at a health care institution, the insurance is obligatory and a place must be provided. As soon as the patient is being treated, the duty of care lies with the practitioner.
Source: https://www.omroepwest.nl/nieuws/3973728/Patienten-tussen-wal-en-schip-door-ruzie-zorginstelling-Parnassia-en-verzekeraar-VGZ
Thousands of billboards at NS stations empty, possible claims of tens of millions
By order of the court, NS had to empty the advertising columns at most of the train stations. It concerns five thousand columns at three hundred stations. Possible claims of 50 million euros or more.
Train travelers will noticed that the train stations have been slightly different since last week. After all, there are hardly any advertisements anymore on the platforms. Due to a recent ruling by the Arnhem-Leeuwarden Court of Appeal, around five thousand bus stations have been vacant at three hundred stations since December 1 And that will certainly remain so for weeks.
The cause is that JCDecaux has gone to court. According to JCDecaux, who is also active in the Netherlands, NS Stations should have publicly tendered the contract with competitors ExterionMedia from 2011 to 2027 based on European rules. The same applied to the contract concluded with Ngage Media in 2015, according to the operator. After years of proceedings, the Arnhem-Leeuwarden Court of Appeal ruled in favor of JCDecaux (largely) on 1 October. According to the Court, NS should have spent on it and JCDecaux has 'a cross-border interest' here.
Compensation
The ruling meant that NS had to terminate both contracts and that JCDecaux received compensation. The amount has yet to be determined. It is clear that the amounts involved are substantial. According to JCDecaux, the contract between NS and ExterionMedia is worth 155 million euros.
ExterionMedia speaks of 50 million euros. The court of justice assumes that the value of concession is at least between 50 and 100 million euros. The contract with Ngage is considerably smaller at € 15.7 million.
It does not stop there for NS. The railways must give JCDecaux further insight into the contracts concluded with ExterionMedia and Ngage, the Court ordered. This allows the operator to calculate his damage.
Abri's remain empty
NS announces that it still has to decide whether the cassation should be registered. In the meantime, it complies with the court decision. The contracts have been terminated and there will be a new tendering procedure that is currently being started. "The shelters will certainly remain empty for several weeks," says an NS spokesperson.
For the time being, the railways are considering filling the empty columns partly with passenger information and the new timetable.
Source: https://www.tubantia.nl/binnenland/duizenden-reclameborden-op-ns-stations-leeg-strop-van-tientallen-miljoenen-dreigt~a739fb96/
Emergency Department 270 hours closed due to IT failure
More and more often the patient is the victim of a failure in the information technology (IT) of hospitals. This causes the patient to experience delays in the primary care process. The outpatient clinic and operating rooms close their doors, an admission stop applies and ambulances have to take expensive and possible life-saving minutes to the next hospital due to the closure of the Emergency Department. This is one of the scenarios that have taken place in the past year.
In 2019, 13 hospitals made the regional and national news with a major IT outage. Recently the Amphia Hospital . The result: long waiting times for the patient. Eight hospitals postponed multiple operations and the SEH closed at three hospitals. The number of news items from 2019 is equal to the number of news items in 2018, when five hospitals postponed their operations and the emergency room closed at four hospitals.
The number of IT disruptions is growing steadily
Looking back over the past decades, there are more than 65 news items to be found. An analysis of these news items shows that 37 hospitals postponed hundreds of operations and that the emergency room was closed 20 times. The outpatient clinic closed in 18 cases. In the past decades, a disruption lasted on average (median) for about five hours with peaks of up to five days (16-03-2010, aZM). For the patient, this means that the emergency room and operating rooms have not been available for at least 270 hours and 255 hours in the past decades, a number that seems to be increasing every year.
In most cases the cause is a failure in the underlying I (C) T infrastructure, as a result of which systems such as the electronic patient file (EPD) are temporarily unavailable.
Paperless Hospital
In recent decades it has been a trend among administrators to pursue a paperless hospital. For example, the Westfriesgasthuis in Hoorn (now part of the Dijklander hospital) claims in 2011 to be "the first hospital in the Netherlands where patient information is kept completely paperless". A large number of hospitals have a similar ambition .
This trend is reinforced by popular 'adoption models' such as the Electronic Medical Record Adoption Model (EMRAM) from HIMSS Analytics. This model indicates the degree of digitization. Level 7 means that the patient file (including results, documents and medical images) is completely digital and that the hospital analyzes this data to further digitize and improve healthcare.
The consequence of this digitization trend is that a hospital has become entirely dependent on IT. An IT outage has the same effect as an outage in the utilities such as electricity and water .
Complexity of IT
In addition to the digitization trend, the complexity of IT within hospitals is also increasing. A hospital has an average of 300 care and business support applications, central data exchange and links from and to the various subsystems. Many of these systems have a dependence on each other and also run on different (version) operating systems.
Some of the systems used may also be outdated because, for example, the supplier no longer exists or does not issue updates, and the application is necessary for the primary process. The information that the applications process with each other is enormous and is used throughout the hospital, from direct patient care, invoicing to strategic (organizational) decisions.
Solution not easy
Due to the increasing complexity of IT, a solution is not easily available. An incident cannot be completely ruled out due to both human and technical failure. Good backup and emergency facilities is therefore a must. It is important that hospitals prepare well for a possible large-scale IT failure. This is possible, for example, by simulating a large-scale IT failure annually. For (BHV) fire exercises and other calamities this is common, but not always for IT.
To reduce the complexity of IT, gaining insight into the entire information provision is important. What is the hospital policy. How are primary (care) processes and which information flows and their processing applications belong to them? How is the underlying infrastructure implemented?
By answering these questions, insight is gained into the provision of information. Dependencies between application, information and the primary (care) processes are therefore easy to identify, as well as any bottlenecks and risk areas. These insights make it possible to identify and reduce potential IT failures.
Source: https://www.icthealth.nl/blog/automatische-concepten-it-storing/96/