cybercriminals demanding €4.2 million from the Hospital Clinic

  As reported by the Mossos d’Esquadra this Thursday, April 13, RansomHouse, the group of cybercriminals demanding €4.2 million from the Hospital Clinic de Barcelona has released more of the stolen data onto the dark web.

Cyber specialists from the Catalan force had previously managed to block the flow of stolen data but the criminals somehow found a way to reopen the portal and subsequently posted more of the stolen data online, according to elperiodico.com.

RansomHouse, the group of cybercriminals demanding €4.2 million from the Hospital Clinic de Barcelona to avoid sensitive data being published online, has now issued a further statement.

According to larazon.es, the group insisted this Thursday, April 6, that unless its demands are met, it will release more data online, this time on patients suffering from infectious diseases and on the use of experimental drugs in the medical facility.

As reported last Tuesday 4, the Mossos d’Esquadra managed to block access to the data stolen in the cyber attack at the beginning of March. Between three and four gigabytes of information found its way onto the dark web as threatened by the hackers, but the Catalan police have halted this for the time being.

After being thwarted, RansonHouse issued its new threat to the Generalitat, which refuses to pay the ransom. “We will publish a new data package in the short term”, they insisted.

UPDATE: Saturday, March 11 at 3:55am

A group of hackers called RansomHouse claimed responsibility for the ransomware attack last Sunday 5 on Barcelona’s Hospital Clinic. They have since demanded payment of €4.2m ($4.5m) from the government to prevent them from publishing online or reselling the data that it stole.

Sergi Marcen, the Secretary of Telecommunications and Digital Transformation of the Generalitat, assured: “We will not pay or negotiate with these cybercriminals”.

Among the data that the criminals could publish are research and trials on cancer and autoimmune diseases, fields in which the Clinic is a leader. This Friday 10, five days after the cyberattack, the hospital was still working without internet with its professionals working manually, on paper, like 20 years ago, as reported by elperiodico.com.

Monday, March 6 at 8:27pm

According to two experts today, Monday, March 6, the ransomware cyberattack that hit Barcelona’s Hospital Clinic yesterday, Sunday 5, originated from outside Spain. This was announced in a press conference by Sergi Marcen, the Secretary for Telecommunications and Digital Transformation of the medical facility.

His claim was backed up by both Dr Antoni Castells, the hospital’s medical director, and Tomas Roy, the general director of the Catalan Cybersecurity Agency. The incident: “is not an attack that has come from the Spanish State, it comes from outside Spain”, they stated jointly.

The three men described the attack as ‘complex and transversal’ and explained that it came from a cybercrime company called Ransom House. “Normally, Ransom House carries out these types of attacks in exchange for money, but so far they have not been in contact”, said Marcen.

These attacks normally consist of disabling a computer system in exchange for a payment to recover the information, but Marcen assured that “there will be no negotiation to pay”.

As a result of the attack, about 150 elective surgeries, 500 extractions and some 300 external consultations are still unscheduled. Urgent cases such as heart attacks or strokes will be redirected to other medical facilities. “We cannot access the information of the patients”, they explained.

Sunday’s attack affected communication between hospital departments and for now, it is not possible to access histories and other patient data, although Castells has assured that this information “is not affected”.

It is not yet known to what extent the cyberattack could have affected the data, although they assured that “it has been a complex attack, we have evidence that data has been leaked, and we are in the process of analyzing it”

Castells warned that they do not know exactly when they will be able to recover full activity. “The contingency plan allows us to work many days like this, but we hope it won’t be necessary”. As of midday on Sunday, the centre launched the contingency plan, because it was not possible to access the necessary information or add new ones.

As a result, they were able to deal with emergencies in the normal way, but working with a pen and paper and at a much slower pace. As for the 800 hospitalized patients, the director stated that they have been able to receive proper care.

The cyberattack affected the hospital’s three sites – Villarroel, Plato, and Maternidad – as well as the three primary care centres managed with ICS: Casanova, Borell, and Las Corts.

Castells has also requested patients who had an outpatient visit to please not attend. “Let no one suffer, if assistance is necessary, they will have it until the Clinic returns to 100% activity”, he stressed.