The Hospital Clínic de Barcelona suffered a ransomware attack on Sunday morning, severely disrupting its healthcare services after the institution’s virtual machines were targeted by the attacks.
The 819-bed hospital is based in Barcelona, Spain, and serves over half a million people seeking medical attention and healthcare services.
According to a statement issued by the Government of Catalonia, the Hospital Clínic de Barcelona suffered an attack by the RansomHouse ransomware operation.
RansomHouse launched in May 2022 as a data extortion marketplace, claiming not to use ransomware in their attacks. However, they were soon linked to the WhiteRabbit ransomware encryptor and to numerous ransomware attacks, including those on ShopRite, eight municipalities in Italy, and ADATA.
The government statement also mentions that the cyberattack impacted the emergency services of three medical centers associated with Clínic de Barcelona, including CAP Casanova, CAP Borrell, and CAP Les Corts.
“This is a cyberattack that has occurred in virtualized environments. It has been a sophisticated and complex attack that did not involve classic techniques, indicating an evolution by the attacker,” mentions the Catalonia government announcement (machine translated).
“Work is underway to determine the extent of the damage and the infiltration in a coordinated manner with the Mossos d’Esquadra and Interpol.”
The hospital’s SAP system wasn’t impacted, but all applications and communications remain broken as work to restore critical systems continues. This means that patient information for physicians is out of reach, and the situation impacts care services.
Clinic Barcelona employee using pen and paper (govern.cat)
Moreover, 800 urgent cases admitted to the hospital on Sunday had to be dealt with manually, and hence more slowly, so some cases were diverted to other hospitals in Barcelona.
Additional health assistants and administrative staff have been added in Clínic de Barcelona to minimize the impact and help bridge communication between the various departments.
Radiology, endoscopic tests, radiological scans, dialysis, and outpatient pharmacy services will continue operating normally.
Unfortunately, 150 non-urgent operations scheduled for the upcoming weeks have been canceled, and 3,000 appointments were called off.
These urgent plans will remain in place for at least a couple of days more, while the time to return to normal operations is impossible to determine currently, according to Clínic Barcelona’s hospital director, A. Castells.
When writing this, the RansomHouse data leak site has not leaked any data belonging to the Spanish hospital, but it might be too soon for the victim to appear on the threat actor’s site.
This same threat group previously leaked data from the Kerlaty healthcare organization that was attacked in November 2022.