The "sophisticated and complex" cyberattack that struck the Hospital Clínic in Barcelona this Sunday was carried out from outside the borders of the Spanish state, and the Catalan Mossos police and Interpol are working to discover its origin, as has been detailed by Sergi Marcén, Catalan secretary for Telecommunications and Digital Transformation, in a press conference to explain the attack. Twenty-four hours after it was detected, work is being done to determine the extent of the cyberattack, attributed to the pirate operation Ransomhouse, which specializes in ransomware attacks. New techniques have been used in the attack, far from the classic modus operandi for this type of cyber-crime. This fact demonstrates an ability to evolve, highlights Tomás Roy, director general of the Cybersecurity Agency of Catalonia. The attackers have not yet sent any message demanding a financial ransom for the data, but officials assure that "there will be no negotiation to pay even a cent".
For his part, the medical director of the Hospital Clínic, Dr Antoni Castells, has quantified the effects at around 150 medical operations, up to 3,000 appointment and between 300 and 400 tests suspended as a result of the cyber attack on the Barcelona university hospital, a major public facility in the city, and rated as one of the top hospitals in the Spanish state. Yesterday, on Sunday, the activity at the hospital was mainly confined to emergencies and therefore most work was carried out as normal but more slowly, using paper means instead of the usual digital system. Castells, Roy and Marcén all insisted that the SAP database system is intact and has not been affected, but rather it is the communication system that has been damaged as a result of the attack and, therefore, data cannot be accessed nor new information added to it.
Progressive restoration of key services from Tuesday
A classic ransomware cyberattack of this type invades a computer system, takes control of data and prevents normal operation. The criminals' aim is to get the institution to pay a ransom in order to have their data and systems unlocked and returned to normal. In this attack on the Hospital Clínic, after two days of being badly affected by the attack, the hospital has announced that a progressive restoration will take place on Tuesday, with some outpatient consultations resuming (patients will receive calls to confirm their visit) as well as around 40-50% of elective surgery. Among the data affected by the attack has been that related to contacting patients, and for this reason the end users of the hospital have been unable to be notified personally that their scheduled appointments were suspended, but rather are being notified through social networks and the media. Castells has asked people to only go to the hospital for emergency cases: "Everyone who comes will be attended to, because the emergency services are functioning", summarized the doctor, who thanked the Clínic workers who went to to work at the centre on Sunday when they were not rostered to do so, also expressing gratitude to support from other hospitals in Barcelona.
Meanwhile, the Clínic offices and pharmacy areas are operating as normal, but prescriptions have to be made out on paper, which slows down the whole process. Apart from the hospital, the CAPSBE has also been affected by the cyberattack, that is to say the primary medical attention centres, or CAPs, of Casanova, Borrell and Les Corts, which use the same information system as the Cl'inic and which this Monday are working with paper and a focus on emergency care. As for the day hospitals, they are operating normally as information from last week has been retrieved.