Thousands of appointments canceled after ransomware hits major Barcelona hospital
A ransomware attack on the city of Barcelona’s main hospital has forced thousands of appointments to be canceled, officials announced Monday.
The Hospital Clinic de Barcelona was attacked Saturday, with computers across the institutions’ numerous laboratories, clinics and emergency room shut down. Its website was unavailable on Monday.
Officials said that 150 non-urgent operations were canceled on Monday alongside up to 3,000 patient checkups, including radiotherapy visits, because staff can’t access patients’ clinical records, reported the El País newspaper.
The Ransom House gang — which lists semiconductor company AMD as a previous victim, claiming to have sold data stolen by its "partners" — was responsible for the attack, according to the regional Catalonian Cybersecurity Agency. The gang itself claims on its leak site to “have nothing to do with any breaches” and doesn’t “produce or use any ransomware.” It describes itself as a “professional mediators community.”
Segi Marcén, telecommunications secretary for the regional Catalonia government, said that no extortion demand had yet been received but that the hospital would not be making a ransom payment even if one was.
“We will not pay a cent,” Marcén said. Ransomware gangs typically threaten to release stolen data publicly if an extortion payment doesn’t come by a certain deadline. As of Monday, nothing from the hospital was on Ransom House’s leak site.
Marcén added that the regional government was “focusing on recovering the information” impacted by the attack, although it was not yet clear whether the hospital’s data backups were also compromised, El País reported.
Staff at the hospital have been forced to write on paper and do not have access to electronic patient data-sharing systems. The facility’s press department announced that urgent cases are being diverted to other hospitals.
“We can’t make any prediction as to when the system will be back up to normal,” the hospital’s director, Antoni Castells, told journalists, adding that there was a contingency plan to keep services functioning for several days although he hoped the system would be fixed sooner.
Tomàs Roy, the general director of the Catalan Cybersecurity Agency, said the attackers “have used new attack techniques,” but didn’t specify what they were.
Recovering from the attack will be “gradual,” reported El País, as IT staff will need to ensure that systems aren’t restored while the attackers maintain some access to the system.
Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.