View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
March 6, 2023updated 26 Jun 2023 4:04pm

Devastating cyberattack hits Barcelona hospital

The attack has hit systems at several clinics, leading to cancelled appointments and operations.

By Claudia Glover

A leading hospital in Barcelona has been shut down due to an ongoing cyberattack by a criminal gang called RansomHouse. Staff at the facility’s laboratories, pharmacies and emergency services have been reduced to using pen and paper. There are no indications of when the services will be back in operation.

Hospital Clinic de Barcelona has been hit with a cyberattack. (Photo by Jordiferrer/Wikimedia Commons)

Interpol and Europol are currently investigating the attack on the Hospital Clinic de Barcelona, in cooperation with the Catalan police. 

Hospital in Barcelona hit with cyberattack

The attack took place on Sunday, with staff at the hospital locked out of systems. Other clinics across Spain were also impacted.

As of today, 150 surgeries have reportedly been cancelled, along with up to 3,000 appointments and 400 pieces of analysis. Staff are trying to process patients using pen and paper, with some being diverted to other hospitals in Barcelona. 

Online systems at the Casanova, Borrell and Les Corts primary care centres have been affected, as well as the IDIBAPS Research Institute and the Villarroel, Plató, and Maternitat outpatient sites. All of these systems were apparently running off the hospital’s virtual server system.

The perpetrator of the attack is apparently data extortion gang RansomHouse. Head of the Catalan Agency of Cybersecurity, Tomas Roy explained today that the gang has used “new attack techniques,” stating that it is “sophisticated” in its approach.

“We have evidence that there was a data leak and we are analysing it right now, said Sergei Marcen, the Catalan telecommunications director. “We won’t pay them a cent.” The attackers have not yet demanded a ransom.

Content from our partners
Powering AI’s potential: turning promise into reality
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline

The Hospital director Antoni Castells said today that his team “can’t make any predictions as to when the system will be back up to normal,” explaining that the hospital’s current plan will allow them to operate for the next few days, and that he is hopeful operations will be back up and running before then.

RansomHouse gang – ‘disenchanted white hat hackers’ strike again? 

RansomHouse last hit the headlines when it claimed that companies do not pay enough for their cybersecurity. “Many businesses and companies are not willing to invest as much money as required to fortify their infrastructures, while they ignore or do not institute enough bug bounty plans,” the hackers wrote on their dark web blog.

The reference to bug bounty programmes led researchers at security company CyberInt to conclude that the gang may be a group of disenchanted ‘white hat hackers’ who carry out penetration testing for companies to inspect their networks, seeking pay-outs in the form of bounties if they find vulnerabilities in a system.  

“Many of the bug bounty hunter community members have been complaining for some time now about companies that do not want to pay the bounty for their hard labour while still enjoying its fruits,” the report notes. “Bug bounty programs also increase their commissions making the bug bounty hunter a very frustrating profession.”

If this is still the case, the gang has taken a ruthless turn in attacking such a large healthcare facility.

Despite this propagation of a different reputation, the gang has reportedly had links to other cybercriminal groups. Its name has cropped up in the notes of blogs of both the White Rabbit ransomware gang and the Lapsus$ Telegram channel. 

Nicole Hoffman, senior cyber threat intelligence officer at security company Digital Shadows, told Tech Monitor last year. “It is likely that RansomHouse operates as the “leak site” of White Rabbit ransomware group.

“White Rabbit has in turn been attributed to ‘Fin8’; a financially motivated threat group known for targeting banks.”

Read more: Vanuatu is showing small nations how to resist big cyberattacks

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.