Authorities in Barcelona revealed on Monday that thousands of appointments had to be canceled due to a ransomware attack on the city’s primary hospital. After a Saturday attack on the Hospital Clinic de Barcelona, all of the facility’s laboratories, clinics, and emergency room computers were shut down. On Monday, its website was not accessible.
Because employees cannot access patients’ health records, 150 non-urgent operations and up to 3,000 patient appointments, including radiation visits, were canceled on Monday, according to officials, according to the El Pas daily.
According to the local Catalonian Cybersecurity Agency, the Ransom House gang carried out the hack. It claims to have sold data obtained by its “partners” and counts semiconductor firm AMD as a prior victim. On its own website, the gang asserts that it “produces or uses no ransomware” and “has nothing to do with any breaches.” It calls itself a “network of professional mediators.”
The hospital would not be paying a ransom even if there was an extortion demand, according to Segi Marcén, the regional Catalan government’s secretary for media.
We won’t pay anything, Marcén declared. Ransomware groups frequently threaten to make stolen material available to the public if an extortion payment is not received by a specific date. On Monday, nothing from the hospital was visible on Ransom House’s leak site.
Although it was not yet known whether the hospital’s data backups were also compromised, Marcén added that the regional administration was “working on recovering the information” affected by the hack, according to El Pas.
Employees at the Barcelona hospital are compelled to write on paper and are not permitted to use electronic systems for sharing patient data. The facility’s press office stated that urgent cases are being sent to other hospitals.
The hospital’s director, Antoni Castells, told journalists that it was impossible to determine when the system would return to normal. He added that a backup plan was in place to keep services running for a few days, though he hoped it would be restored sooner.
The Catalan Cybersecurity Agency’s general director, Tomàs Roy, stated that the attackers “had deployed new attack methodologies,” although he did not elaborate.
El Pas said that recovery from the attack will be “gradual” since IT employees must make sure that systems aren’t restored while the attackers still have access to the system.
Conclusion
More than 3,000 patient visits and 150 non-urgent operations had to be canceled as a result of a ransomware intrusion on one of Barcelona’s major hospitals, officials said on Monday. The hospital’s laboratory, emergency department, pharmacy, three main centers, and many outside clinics all had their computers shut down as a result of the attack on the Hospital Clinic de Barcelona on Sunday.
At a Monday news conference, hospital director Antoni Castells said, “We can’t make any predictions as to when the system will function normally once more. The hospital’s backup plan, he claimed, would keep things running for a few days, but he hoped the system could be rectified sooner.
According to a Catalonia regional government statement, the system was being attempted to be restored. The organization said on Monday that the attack was planned from outside of Spain by a group named “Ransom House.” Hackers haven’t yet made a ransom demand, but Segi Marcén, the regional government’s secretary for telecommunications, indicated that no money would be paid.
According to the hospital’s press office, all written work is done on paper, and new urgent cases are being sent to other hospitals in the neighborhood. According to the Spanish national news agency EFE, the attack reportedly disrupted communication between units and access to patient records.
“Cyber criminals know that hitting patient services and business availability is the most effective way to gain a ransom payment. The healthcare industry is one of the few sectors where cyberattacks can fatally impact human life. Attacks can put decision makers in a morally impossible situation in which they have no choice but to pay ransoms in order to get their services back up and running.
The connection of IT and OT devices and the convergence of the Internet of Medical Things (IoMT), creates a new range of cyber threats and attack vectors which threatens service up-time, and ultimately puts patients at risk.
Healthcare providers must build cyber resilience in order to protect service availability.
Patching services should be implemented to fix urgent OT and IoMT vulnerabilities, as well as network segmentation with asset class network segmentation policies to limit the movement of malware and impact of a ransomware attack.”