In January 2026, AZ Monica, a major hospital network in Antwerp, Belgium, suffered a cyberattack that disrupted operations across its Deurne and Antwerp campuses. The attack forced the hospital to shut down all servers, leaving electronic medical records inaccessible and canceling scheduled surgeries and non-urgent consultations. Seven critically ill patients were transferred to other facilities with Red Cross support, while emergency care continued at reduced capacity. Ambulances were rerouted, and patients were advised to contact general practitioners or alternative emergency services.
Timeline of the Attack
The cyberattack began at 6:32 a.m. on January 13, prompting an immediate shutdown of all systems to prevent potential data compromise. The disruption halted almost all scheduled procedures. By January 14, at least 70 operations had been canceled, and surgeries remained on hold. Mobile emergency teams were unavailable, and the hospital’s emergency department continued operating but at very limited capacity.
Evidence and Cybersecurity Concerns
While rumors of a ransom demand circulated, authorities have not confirmed any extortion. Investigations revealed that at least four other Belgian hospitals were affected through a shared patient registration software provider, exposing roughly 71,000 patient and staff login credentials on the darknet. A second breach affected around 1,000 credentials linked to commercial and government organizations. These incidents underline the risks posed not only by direct cyberattacks but also by vulnerabilities in third-party services.
Hospital Response
AZ Monica prioritized patient safety, transferring critical patients and continuing care for others despite the disruption. Doctors were forced to postpone medical imaging, chemotherapy, and other procedures due to the inaccessibility of electronic records. Hospital leadership coordinated with public prosecutors and cybersecurity authorities to contain the attack and evaluate its impact on operations and patient data.
Implications for Healthcare
The AZ Monica attack shows just how vulnerable hospitals are to cyber threats. Operations were heavily disrupted with dozens of surgeries canceled, including urgent procedures like chemotherapy and MRIs, while non-urgent consultations were postponed. Emergency services ran at reduced capacity, and ambulances were diverted, highlighting how a single attack can immediately impact patient care and hospital functionality.
The incident also exposes broader risks across Belgian healthcare. Hospitals are increasingly targeted due to valuable patient data and often rely on third-party IT providers, which can be weak points, as seen with additional breaches of patient registration software. With cyberattacks nearly doubling between 2020 and 2025, compliance with the European NIS2 directive, which mandates audits of external suppliers, is crucial. Even well-protected hospitals can be compromised through vendors, showing the need for stronger cybersecurity strategies and ongoing vigilance.
Data Exposure
The AZ Monica attack itself did not result in confirmed patient data being stolen from the hospital, thanks to the immediate shutdown of all servers, which prevented access to electronic medical records. However, a related breach at a third-party patient registration software provider exposed roughly 71,000 credentials on the darknet, including patient accounts and healthcare staff logins. Another 1,000 credentials from a separate IT supplier affecting commercial and government users were also leaked, showing how hospitals can be compromised indirectly through the systems they rely on.
The leaked credentials highlight the dangers of unpatched systems, weak access controls, and password-stealing malware. Experts emphasize two-factor authentication, regular backups, and continuous network monitoring as essential defenses. The combination of AZ Monica’s proactive server shutdown and the supplier breaches illustrates both the immediate protective effect of rapid response and the ongoing risks from external providers that hospitals must manage.
Conclusion
The AZ Monica cyberattack shows just how fast a hospital can be thrown into chaos. The immediate shutdown of all servers was crucial, preventing access to patient records and likely stopping direct data theft, while allowing staff to focus on urgent care. Despite this, dozens of surgeries were canceled, chemotherapy and imaging treatments were delayed, and emergency services ran at reduced capacity. The related breaches at third-party software providers further demonstrate that even if a hospital reacts quickly, vulnerabilities in external systems can still put patient data at risk. This event is a perfect example of how a rapid response can significantly limit damage.
0 Comments