The Human Factor: Experts Warn of Czech Hospitals’ Cyber Vulnerability

Both the EU and the US issued statements criticising the cyber-attacks in the Czech Republic this spring. Several Czech media outlets went further, accusing Russia of orchestrating the hacks – a claim described by the Russian embassy in Prague as a “provocation”. Russia has major business interests in the country and its government is frequently accused of trying to influence Czech politics, as well as public opinion through disinformation campaigns. Similar accusations have also been directed at China, another global player with interests in the Czech economy.

Experts are however cautious about claims that foreign governments are involved in the recent hacks. According to Yuval Ben-Itzhak, the former CEO of Israeli cyber-security firm, Finjan, who currently heads the Prague-based digital marketing company, Socialbakers, state actors prefer making discreet inroads into IT infrastructure over high-profile hacks. “Governments want to have access on a long-term basis, not visibility in the news,” he told BIRN.

Alexandra Alvarova, a writer on disinformation tactics in the Czech Republic, said claims of Russian involvement in the hacks would most likely remain unverified unless there was a high-profile defection from the ranks of its intelligence service. “In this business, only an amateur would leave tracks, and Russian intelligence hackers are some of the best in the world,” she told BIRN.

Czech lawmakers are currently seeking to amend laws in order to give NUKIB a bigger role in defending hospitals from cyber-attack. NUKIB spokesman Jiri Taborsky said the legislative changes are a response to a “long-term, unsatisfactory situation” in the Czech healthcare system’s cyber-defences.

“This situation in turn reflects long-term under-investment in hardware and software infrastructure, as  well as in human resources,” he told BIRN in an emailed statement. “NUKIB has been warning of this every year in its annual report on the state of cyber-security.”

The agency said it was also providing “educational materials and courses to help medical staff nationwide educate themselves” about the cyber threat.

‘Working crazy hours’

While claims of foreign…