Consorci Sanitari Integral Says It Is Fully Recovered From Ransomware Attack
A ransomware gang says it published information including medical test results and identity cards stolen from a Barcelona hospital system that serves more than a million patients each year.
RansomExx says a 52 gigabytes file published Tuesday on the dark web contains data taken from the Consorci Sanitari Integral, a public entity that provides medical and social services.
CSI says it is working alongside the Cybersecurity Agency of Catalonia and the Catalan Data Protection Authority to limit the scope of the breach.
The hospital system of more than 3,000 physicians and staff acknowledged a “compromise in data confidentiality.” It detected a ransomware attack during the early hours of last Friday, leading to three days of reduced functionality at the Barcelona hospitals Dos de Maig and Creu Roja de l’Hospitalet and the nearby Moisès Broggi facility in Sant Joan Despí. Also affected were ten other health centers, majority of which in the city’s southern suburbs.
Spanish newspaper El País reports that emergency services were unaffected but that medical equipment for specialist visits including x-ray machines were unavailable.
Catalonian public broadcaster Corporació Catalana de Mitjans Audiovisuals reported that staff at affected hospitals said they couldn’t access computerized patient records, medication plans or diagnostic tests. The attack also impacted the email service of healthcare workers.
CSI said on Tuesday it fully restored its systems using a backup copy from the cloud. Defenses including network segmentation and firewalls limited the attack’s impact, it said.
Steps to restoration included updated more than 3,000 computers with new software and new computers for primary care centers.
On Sunday, office of the President of the Government of Catalonia credited a speedy recovery already then in process to a security plan developed two years earlier by the Cybersecurity Agency of Catalonia together with the department of health.