Four key organizations, five teams, twenty-five participants, and one very realistic scenario. At the end of November, the CyberRangeCZ expert group, in collaboration with Brno University Hospital, organized a two-day cyber exercise at Brno’s CyberCampusCZ to defend against an ongoing cyberattack for two other large Moravian university hospitals and the CESNET association. Representatives from IT and cybersecurity departments practiced technical skills as well as procedural and legal protocols, including coordination within their teams and with one another.
A new day dawns, and it is discovered that all of the hospital’s critical systems have been encrypted and that uninvited guests are moving freely within the infrastructure. If you want to restore operations and recover your data, pay the ransom. Thus begins a two-day exercise that places participants in the role of defenders of a hospital under attack by a sophisticated ransomware group. The exercise is built on real technologies in the CyberRangeCZ environment, and the attack scenario itself is inspired by existing ransomware groups. Participants thus tackle situations of the same type that threaten hospitals around the world.
IT and cybersecurity specialists from the University Hospitals in Brno, Olomouc, and Ostrava participated in the exercise, along with representatives from the CESNET association. They were divided into five teams—three teams of IT administrators, each led by a representative from one of the hospitals; a SOC team composed of CESNET employees; and a CRISIS team made up of cybersecurity managers and management representatives from all participating organizations. It is precisely this joint cooperation and coordination in the step-by-step resolution of the incident that falls under the soft skills on which the exercise also focuses. The exercise develops not only technical skills for detecting and stopping an attack, but also crisis management, decision-making under pressure, and mutual cooperation between IT and cyber specialists and management.
After the introductory morning lectures and an overview of the tools and environment used on the first day, the participants moved on to an intensive hands-on session that continued until late afternoon on the second day. This was followed by a detailed debriefing, during which the individual teams compared their actions with the authors’ solution. An integral part of the debriefing was a discussion with the attackers, who shared their perspective on the incident’s execution. Participants thus gained practical experience that they can use to strengthen their organization’s cyber resilience.
The cyber exercises organized by CyberRangeCZ are not intended solely for hospitals. They are available to all public organizations and businesses that are subject to enhanced obligations under the Cybersecurity Act and wish to systematically strengthen their preparedness for cyber threats.
The exercise was provided as a professional service facilitated through the EDIH Cybersecurity Innovation Hub project, which focuses on strengthening cybersecurity and resilience. The EDIH pilot phase is entering its final stage and capacity is already full; however, interested parties can participate in a similar exercise in the follow-up CIH project starting in May 2026, or order it individually on a commercial basis outside the project. If you are interested, please do not hesitate to contact us at info@cshub.cz.
The Cybersecurity Exercise in the CyberRangeCZ environment was carried out as part of the EDIH Cybersecurity Innovation Hub project and funded by the Digital Europe and National Recovery Plan programs.
On October 28, 2025, a memorandum on Czechia-Ukraine cooperation between European Digital Innovation Hubs (EDIH) was ceremoniously signed. The memorandum represents a significant step towards strengthening cross-border cooperation between the Czech and Ukrainian innovation ecosystems in the areas of digitization, artificial intelligence, cybersecurity, and green transformation.
On Thursday, October 9, twelve Ukrainian representatives from industry, academia, and innovation organizations visited CyberSecurityHubcz and CyberRangecz. They agreed to develop a strategic partnership in cybersecurity.
