Bağcılar Training and Research Hospital in Istanbul hit by cyberattack, data loss and data breach
Take action: Running a system without any backup is a recipe for disaster, even without hackers. Always check that your systems have a valid and functioning backup.
Learn More
The Bağcılar Training and Research Hospital in Istanbul, Turkey, has experienced a significant cybersecurity incident that compromised the medical records of millions of patients. The hospital, a central healthcare provider in Istanbul, serves approximately 5,000 patients daily and two million annually.
The attack targeted both the hospital's old PACS system and the newly installed Simplex system, neither of which had adequate backup measures. This resulted in the complete disappearance of archived visual data and a partial loss of patient data spanning 12 days from the most recent backup in the Bilbest system, which does store backups regularly. Other crucial data stored in the hospital's systems, such as performance information of the physicians, was also affected.
The exposed data from this incident includes:
- Names and surnames
- Names of relatives
- Addresses
- Phone numbers
- Bank account details
- House and land deeds
- Medical records such as X-ray scans and test results
The nature of the attack nd the number of affected individuals have not been disclosed.
An anonymous employee has attributed the breach to the hospital management’s negligent attitude towards cybersecurity, claiming that the administration is more focused on covering up the incident rather than addressing the breach responsibly. The hackers have allegedly demanded a ransom of $200,000 in exchange for the stolen data.
