Ransomware, Incident Response, Critical Infrastructure Security

Barcelona hospital experiencing care delays after RansomHouse attack

Computers connected to the network are victims of ransomware attacks

A cyberattack struck the Hospital Clinic of Barcelona on March 4, crippling the Spanish hospital’s emergency room, laboratories and clinics, officials confirmed at a March 6 news conference. Pharmacies at three main facilities and other external clinics were also impacted.

One of the city’s primary hospitals, officials stated 150 non-urgent surgeries and nearly 3,000 care appointments were affected. Clinicians are leveraging paper processes to maintain hospital operations, while new emergency patients are being diverted to local hospitals.

The hospital is unable to access patient records or communicate on normal channels between care sites. The incident appears to have brought down the hospital website, as well.

The technical recovery work to “combat the impact of the cyberattack has allowed access to part of the affected information systems to be reactivated, and in this way, it will be possible to recover part of the planned assistance activity,” according to a March 6 update to the Government of Catalonia website.

The same update noted the goal was to recover between 40% and 50% of the elective operations at its Villarroel headquarters by the end of March 7.

“The criteria for recovering activity is that there is maximum safety for the patient and for this reason the forecast is that it will be done in a very progressive manner,” officials said.

Clinicians are maintaining care through a contingency plan. However, the Hospital Director Antoni Castells said the plan would allow the hospital to operate “for several days” and was unable to provide an estimate of when the systems would return to normal. As seen with a similar incident against a hospital in France in August, these outages can last for several weeks.

Cyberattacks pose patient-safety risk in healthcare

It appears the attack was deployed from outside of Spain by a threat group known as RansomHouse, a group that emerged in May 2022. The group previously claimed its tactics focused on exploiting unpatched vulnerabilities to steal data from targeted victims, while blaming the victims for failing to secure their networks.

Hospital officials said the attackers have not made any ransom demands and stressed they will not be paying any ransom to the attackers.

Early Tuesday morning, the hospital’s Twitter account announced the IT team has recovered 10% of its care consultation activities and some elective surgeries are being held.

For now, the hospital’s oncology radiotherapy, extraction center, and patients with urgent codes are being redirected to other care sites. All urgent and hospitalization activity is being diverted to care sites unaffected by the cyber incident.

The government's Department of Health is leading care coordination between the impacted care network to other hospital centers.

As SC Media has extensively reported, cyberattacks pose serious patient-safety risks. In particular, attacks that impact mission-critical functions, such as oncology tech, can cause care delays that affect care outcomes. 

Saif Abed, MD, director of cybersecurity for the AbedGraham Group previously told SC Media, said network outages “severely hamper clinicians’ ability to assess patients. And any patient, which is a significant number, that requires medical imaging must be transferred elsewhere. This is suboptimal and delays clinical management and decision making.”

The latest estimates in JAMA showed ransomware attacks on U.S. healthcare delivery organizations doubled between 2016 and 2021. While some outlets have questioned the actual patient safety risks, the report contained documented evidence of care delivery disruptions for 166 of the 374 analyzed attacks.

At least 32 of these incidents led to disruptions that exceeded over two weeks, 41.7% of which included electronic system downtime.

Jessica Davis

The voice of healthcare cybersecurity and policy for SC Media, CyberRisk Alliance, driving industry-specific coverage of what matters most to healthcare and continuing to build relationships with industry stakeholders.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.