Belgian Hospital Cyberattack (2026)

KoreWealth

3/10/2026

The cyberattack on AZ Monica, a general hospital network in Antwerp, Belgium, with campuses in Antwerp city center and Deurne, occurred on January 13, 2026. It significantly disrupted healthcare services and was widely reported as a serious IT incident, likely involving ransomware or ransomware-like elements, though most sources did not publicly confirm the exact malware or the perpetrators.

Timeline and Detection

  • The incident was detected early in the morning around 6:30–6:32 AM on January 13, 2026, when hospital IT staff noticed a serious disruption to computer systems and servers.

  • To contain the attack and limit further damage, including potential data exfiltration or the spread of encryption, the hospital proactively shut down all servers across both campuses (Antwerp and Deurne).

  • Belgian authorities, including the public prosecutor's office and federal police cybercrime unit, were immediately involved. The prosecutor's office officially confirmed it as a cyberattack.

Immediate Impact

  • All scheduled surgeries were canceled on January 13, affecting at least 70 planned operations across the two campuses. Many patients were sent home.

  • Non-urgent consultations, outpatient appointments, radiology, imaging, chemotherapy, and other elective procedures were postponed.

  • Doctors and staff lost access to electronic patient records, forcing reliance on manual/paper processes where possible.

  • The emergency department remained open but operated at reduced capacity. Mobile emergency services and intensive care transport units were temporarily offline or redirected.

  • Seven critical care patients (those requiring urgent specialized treatment that AZ Monica could no longer safely provide due to the outage) were transferred to other hospitals with assistance from the Red Cross.

  • Urgent and existing inpatients continued to receive care, and visitors were still allowed, but overall operations were severely limited.

  • No immediate evidence of patient data theft was reported at the time, though investigations were ongoing to determine if any sensitive information was compromised.

Longer-Term Effects

  • The outage persisted for weeks. Servers remained offline or in limited recovery mode into late January/early February 2026, with no clear timeline for full restart initially announced.

  • By late January 2026, the cyberattack had disrupted payroll systems, so the hospital could not correctly calculate or pay staff salaries for January (related reports on Belgian healthcare incidents put the number of affected employees at around 1,200; AZ Monica specifically noted that its planning and payroll systems were still down).

  • Recovery progress was reported by mid-February 2026: the hospital's website and administrative systems became operational again, and full operations were restored about four weeks after the attack.

  • Computers and systems were gradually restarted, allowing a return to normal capacity.

Nature of the Attack

  • The incident was described variably as a "serious disruption" or a "cyberattack," and in some sources as a potential ransomware incident (e.g., The Record referred to it as a reported ransomware attack).

  • No specific ransomware group claimed responsibility publicly, and details on encryption, data leak, or ransom demands were not widely disclosed.

  • The hospital prioritized patient safety by isolating systems early, which avoided further escalation.

Broader Context

This incident highlighted ongoing vulnerabilities in Belgian (and European) healthcare IT infrastructure. In 2025–2026, the sector saw multiple attacks (Belgium reported over 2,600 healthcare cyber incidents in prior periods). AZ Monica provides acute, specialized, and outpatient care to the Antwerp region, making the disruption particularly impactful locally.

No fatalities or direct patient harm from the attack were reported, thanks to quick containment and transfers. The case underscored the need for better backups, segmentation, and cyber resilience in critical infrastructure like hospitals.

This summary draws from contemporary reports in January–February 2026; by March 2026 (current time), the incident appears resolved with systems back online.