The Scenario

Day one. All critical systems encrypted. Unauthorized access detected throughout the infrastructure. Pay the ransom or lose your data.

Twenty-five participants from three university hospitals and CESNET faced this reality. A live exercise built on actual ransomware group tactics targeting healthcare institutions.

Team Structure

Five teams formed at our Brno CyberCampusCZ facility:
Three IT administration teams – each led by hospital representatives
from Brno, Olomouc, and Ostrava University Hospitals.
One SOC team – CESNET personnel handling detection and analysis.
One CRISIS team – cybersecurity managers and leadership from all participating organizations.

The structure mirrors real incident response. We tested both technical capabilities and cross-team coordination under pressure.

Beyond Technical Defense

Morning briefings covered tools and environment familiarization. Then intensive hands-on scenarios through late afternoon of day two.

Participants tackled incident detection, containment, and recovery. Technical skills alone don’t stop attacks. We tested crisis management, decision-making under stress, and IT-management collaboration.

Attacker Perspective

Final debrief revealed the full picture. Teams compared their actions against our reference solution. Our red team showed their attack methodology. Understanding attacker thinking changes defense strategies.

Participants gained practical experience applicable to their organizations. Preparation before real incidents occur.

These exercises serve public organizations and companies under higher cybersecurity obligations who strengthen their threat preparedness systematically.

Delivered through EDIH Cybersecurity Innovation Hub project. Pilot phase capacity is full. New cohorts available from April 2026 through CIH project continuation. Commercial delivery available outside project framework.

Make contact for next cohorts.

Funded by Digital Europe programme and National Recovery Plan.