Hospital Clinic de Barcelona, one of Barcelona’s biggest public hospitals, fell victim to a ransomware attack on the morning of Sunday 5 March. The hospital announced the cancellation of 150 non-urgent operations, up to 3000 outpatient appointments and 400 blood tests.
The attack has affected the emergency department, the laboratory and pharmacy. Access to patient medical history has also been made difficult.
Management at the hospital directed emergency cases to other hospitals in the capital and rerouted ambulances to alternative medical centers.
The hospital’s website was taken offline on Sunday and doctors have resorted to using paper notes for the 800 inpatients. Paperwork is more time-consuming and less efficient, and has led to doctors coming in during time off and an increase in on-shift administrative staff.
Hospital Clinic de Barcelona are working with the Catalan police (los Mossos d’Esquadra), Europol and Interpol to investigate the crime.
Ransom House has been named as the perpetrator of the attack on Hospital Clinic de Barcelona.
In a press conference on Monday 6, Sergi Marcen, secretary of Telecommunications and Digital Transformation, explained that the ransomware strike originated from outside of Spain. “There will be no negotiations to pay even a cent” in the recovery of the stolen data, said Tomas Roy, of the Catalan Cybersecurity Agency, adding that the nature of the cyberattack was complex and that the malware had clearly “evolved” from “classic techniques”.
In Catalunya alone, there are approximately 1,700 million attempted cyber-attacks annually, of which 98% are blocked; however, the 2% who do fall victim equate to 2000 security issues.
A ransomware attack begins with the attackers gaining access to a company’s computer network by various means. In some cases a ‘phishing’ email is sent to the victim, or access is gained via staff’s personal networks when they are working from home. Once the attackers have infiltrated the data systems, they deploy a type of malware which encrypts the computer system, cutting off access to the victim’s content. The gang responsible then demands money for the release of the stolen information.
In some cases, data is only made unavailable to the victim; in others, however, particularly where negotiations have been less successful, ransomware gangs have created websites to publish stolen data.
The criminal group behind the attack, Ransom House, are thought to have debuted in December 2021, attacking a liquor and gaming company, followed by a Swedish rail company and Jefferson Credit Union.
Increasingly, cyberattacks are targeting healthcare providers.
In August 2022 the software company Advanced, used by the NHS, fell victim to a malware attack. It led to significant disruption of 111 calls, outpatient services, mental health trusts, triage, ambulance dispatches and emergency prescriptions.
According to research carried out by Accenture, the healthcare industry experienced 556 data breaches globally in 2022 resulting in the compromise of 65 million medical records.
Cyberattacks on healthcare organizations are on the rise; in the US, research shows that such attacks doubled between 2016 and 2022.
The industry is seen as an easy target for cyberattacks and produces good returns, primarily because patient data is confidential and therefore valuable. Medical devices are also easily hacked due to the number of connected technologies, from a variety of manufacturers, which operate with different security systems. Additionally, patient data is typically shared remotely across different healthcare providers, which creates several entry points for attack, as do staff’s private devices which are connected to internal networks.