The hacker group LockBit 3.0 is responsible for the attack on the KBC hospital in Zagreb last Thursday and is demanding a ransom, according to a post on the HackManac profile on X on Monday.

HackManac says the hackers exfiltrated medical records, patient examinations and studies, doctors’ research documents, surgeons’ data, organ and donor data, tissue bank data and employee data.

KBC Zagreb was given a deadline of 18 July to pay the ransom, but the amount was not specified.

The cyber attack on KBC Zagreb came after hackers attacked the websites of several Croatian institutions on Wednesday, including the Ministry of Finance, the Tax Administration, the Croatian National Bank and the Zagreb Stock Exchange.

Responsibility for these attacks was claimed by the Russian hacker group NoName057(16), which however denied responsibility for the attack on KBC Zagreb.

Beros: The government will not negotiate with criminals

Commenting on the hacker attack on KBC Zagreb, Health Minister Vili Beros emphasised that the government adopted a new Cyber security Act in February this year and established a national cyber security centre within the Security and Intelligence Agency (SOA).

According to him, the terrorist organisation behind the attack had set conditions for a certain profile on social network X, but the government’s stance is not to negotiate with criminals.

No data has been published on X that would definitively confirm that they are in possession of Croatian citizens’ data, and a forensic analysis is currently being carried out to determine this. Beros emphasised that all measures have been taken to protect citizens’ data, but such attacks are not uncommon and occur in other countries as well, such as the Pentagon in the US.

KBC Zagreb’s IT system works properly

The minister appealed to the public not to read or disseminate the stolen data, as this is neither morally nor ethically justifiable, and emphasised the responsibility of the media in protecting citizens’ data.

When asked if he could say with certainty that there was no leak of citizens’ data, Beros said that this could not be confirmed with certainty while the relevant institutions carried out their procedures and forensic analyses of the attack. He added that the information that appeared on the organisation’s profile was not true.

Beros said that in the future there will be a battle between good and evil and that efforts will be made to protect data. He advised citizens to behave safely on the internet.

He also mentioned that the IT system of KBC Zagreb is functioning properly and that, unlike in the first days after the attack, there are no difficulties in the provision of health services. He added that he has received reports from all the health facilities he requested.