
A ransomware attack has targeted against Hospital Clinic de Barcelona, shutting down its computer system and forcing the cancellation of 150 non-urgent operations and up to 3000 patient check-ups.
At the time, the institution said it was working to determine the scope of the leak and restore systems. A few hours after first reporting the incident, Hospital Clinic published a new post, saying 10% of visits for external consultations would be restored by today, alongside some non-urgent operations.
The attack was attributed to the threat actors known as RansomHouse that typically does not encrypt the data but instead focuses on data exfiltration. Cybersecurity agencies in the region was working to restore the hospital’s systems
Experts says that this was a remote access attack and the attack originated outside of Spain. This means that the malicious actors could breach the hospital network remotely. The malicious actors were able to spread laterally considering that multiple locations were shut down (laboratories, emergency rooms, pharmacies, and several external clinics).
Due to the data exfiltration nature of the threat actor, indicates that shutting down the computers was done to prevent further data exfiltration. This conjecture is further supported by the fact that the hospital seems to indicate that it will not pay the ransom, leading me to believe that it still has access to all its data.