RansomExx leaks 52GB of data from Barcelona health centers

Fraud and cybercrime management , Healthcare , Industry specific

Consorci Sanitari Integral says fully recovered from ransomware attack

Mihir Bagwe (MihirBagwe) •
October 13, 2022

A ransomware gang claims to have released information including medical test results and stolen identity cards from a Barcelona hospital system that serves more than a million patients each year.

See also: On demand | API Protection – Your API Protection Strategy

RansomExx says a 52-gigabyte file posted on the dark web on Tuesday contains data from Consorci Sanitari Integral, a public entity that provides medical and social services.

CSI says it is working alongside the Cybersecurity Agency of Catalonia and the Catalan Data Protection Authority to limit the extent of the breach.

The hospital system of more than 3,000 doctors and staff acknowledged a “compromise in data privacy”. It detected a ransomware attack in the early hours of October 7, resulting in three days of reduced functionality at Barcelona hospitals Dos de Maig and Creu Roja de l’Hospitalet and at the nearby Moisès Broggi facility in Sant Joan Despí. Ten other health centers were also affected, the majority of them in the southern suburbs of the city.

Spanish newspaper El País reports that emergency services were not affected but medical equipment for visits to specialists, including X-ray machines, was not available.

Catalan public broadcaster Corporació Catalana de Mitjans Audiovisuals reported that staff at affected hospitals said they could not access computerized patient records, medication plans or diagnostic tests. The attack also affected the courier service for healthcare workers.

CSI said on Tuesday it had fully restored its systems using a backup copy from the cloud. Defenses including network segmentation and firewalls limited the impact of the attack, he said.

Restoration steps included updating more than 3,000 computers with new software and providing new computers to primary care centers.

On Sunday, the office of the president of the government of Catalonia attributed a speedy recovery already underway to a security plan drawn up two years earlier by the Cybersecurity Agency of Catalonia and the Ministry of Health.