A ransomware cyberattack targeted one of Barcelona’s major hospitals, forcing it to shut down its computer systems and cancel 150 non-urgent surgeries and tests for up to 3,000 patients.
reported monday on Twitter, the attack on the Hospital Clinic de Barcelona occurred on Sunday. At the time, the agency said it was working to identify the extent of the breach and restore the system.
Hours after first reporting the incident, the hospital clinic published a new post saying 10% of its outpatient visits to date have recovered, along with several non-urgent surgeries.
“We have recovered 10% of our consultation activity and some of our elective surgeries,” said the hospital Confirmed today. “Patients who are available to visit will receive a phone call to confirm their appointment. A rescheduled visit will be announced shortly.”
The Catalan government statement (in Catalan) further explained that the regional cybersecurity agency is working to restore the hospital’s systems. The attack was carried out by an actor known as RansomHouse.
According to Avishai Avivi, CISO of security firm SafeBreach, few details about the attack have been revealed, but a statement by the Catalan Cybersecurity Agency can infer some information.
“This was a remote access attack – hospital spokesperson [stated] The attack occurred outside Spain. This means that a malicious actor could remotely compromise a hospital’s network,” explained Avivi.
“Malicious actors were able to spread laterally given multiple locations (laboratories, emergency rooms, pharmacies, and some external clinics) were shut down. , suggesting that the hospital network was not properly segmented and isolated from each other.”
Security experts also discussed alleged attack attribution, revealing that RansomHouse typically does not encrypt data, instead focusing on data exfiltration.
“This indicates that a computer shutdown has taken place to prevent further data exfiltration. This also suggests that Hospital Clinic de Barcelona does not have good exit security controls to prevent data exfiltration. We do,” added Avivi.
“This speculation is further supported by the fact that the hospital appears to indicate that it will not pay the ransom, and I believe the hospital still has access to all the data.”
The attack on the Hospital Clinic comes months after RansomHouse attackers claimed another attack against Colombian healthcare provider Keralty.
