the company of cybercrime Ransom House claims the Government to pay €4.5 million not to make public or resell the data of the Hospital Clinic de Barcelona that he stole last Sunday with a ransomware-type cyberattack, which continues to affect the activity of the medical center. “We will not pay or negotiate with these cybercriminals,” has insisted Sergi Marcen, the Secretary of Telecommunications and Digital Transformation of the Generalitat. Among the data that could be published are research and trials on cancer and autoimmune diseases, fields in which the Clínic is pointer. This Friday, five days after the cyberattack, the hospital is still without internet and its professionals, working manually on paper.
These criminals, who come from outside Spain and used a “novel” technique to commit the computer aggression, have contacted the Generalitat in the last hours with this latest claim. The Government is already working on a “possible data release” scenario, something that can be produced “whenever”, and is making a protocol to prevent Clínic professionals and patients from receiving false messages, with the excuse that the hospital has lost your data (which is not true: the Clínic cannot access this data at the moment, but it has not lost it). “Let us distrust always from the messages they ask for money or data, and let’s avoid clicking on suspicious links,” said Thomas Roy, CEO of the Cybersecurity Agency of Catalonia.
Research leaks on the ‘dark web’
The Mossos d’Esquadra believe there is a “high probability” that they will be published, “whenever”, these dates. “We will patrol the ‘darknet‘ and, by the time this occurs information leakwe will remove it from the system so that it does not run through the net”, has pointed out for his part Ramon Chacon, head of the General Commissioner for Criminal Investigation of the Mossos.
Today, 15% of the hospital’s digital systems are up and running, according to Marcén. He has insisted that the data of the clinical history shared with the Department of Health have not been compromised, but only that of the hospital. Marcèn assures that the Government does not know what hospital data cybercriminals have accessed because it has not yet been possible to access the backup copies, but investigation sources assured EL PERIÓDICO days ago that the theft of clinical trials on cancer and autoimmune diseases is of main concern.
“In the last few hours, cybercriminals have contacted us. They are asking us for $4.5 million to release and not publish the data. There is no type of negotiation with them. They have told us that they have collected up to four tera of data”, Marcén pointed out. As proof of life they have sent an image of the “Main hospital life tree”.
Chacón has warned that any company that buys this data would also be incurring a crime. “The possibility of selling and buying these credentials exists, but there is not a large clientele. There is not a large market, but this sale and a transfer of information can be made, “said the mosso.
progressive recovery
The Hospital Clínic, which has already recovered 40% of complex activity, 40% of the less complex surgical activity, 70% of the outpatient consultations and the stroke and heart attack codes, believes that, “if all goes well”, it could return to normality “on Monday or Tuesday”. This is what the medical director said, Antoni Castells.
However, the toilets continue to work manually, on paper. “Laboratory and pharmacy are the ones that have suffered the most from this attack because they have had to do all your work on paper. All pharmaceutical prescriptions have been made on paper”, Castells added. despite all this “huge effort” however, throughout this week the Clínic has stopped doing more than 4,000 outpatient tests (yes they have been made of all those admitted), more than 300 interventions and more than 11,000 visits to external consultations.
Nor could it be done oncology radiation therapy: 25 Clínic patients are being treated in Sant Pau and another 10 who were going to start treatment here have started it in Sant Pau and Vall d’Hebron. The Clínic has been able to “get” more than 200 “contingency” computers to access the medical history of patients, and another 80 computers have been able to access the shared medical history.
0.02% chance
Marcèn has defended that the hospital was “well prepared” to prevent cyberattacks and that it has “good information systems”. “But there’s always a small chance, 0.02%, that these things happen and unfortunately it has happened”, Secretary of Telecommunications and Digital Transformation of the Generalitat. Therefore, there will be no fine or penalty for the Clinic for what happened.
Roy has said the same thing. “As the Cybersecurity Agency of Catalonia we have verified that the Clinic was well protected. It is not only a leading hospital in medicine, but also in the technological field, with a very high protection capacity”, has secured.
Right now the efforts of the Generalitat are focused on ensuring that there is no “new incidents”. “Hospital you have not lost any data, The data is there, but we can’t access it. So If they call you asking for information with the excuse of this incident, know that it is false. Be wary of messages that ask you for money or credentials, and don’t click on suspicious links,” he said.
The ‘modus operandi’
According to Chacón, the attack suffered by the Clínic contains a double extortion. First the cybercriminals include an infectious code in the hospital system and blocks it from working. There he asks for money to unlock.
But, if you don’t pay, they steal the data and threaten to sell them to third parties to make them public. “These groups want profit, we rule out other criminal activities,” said the mosso. The goal of the police is to restore the system, block this data from being sold or published, and identify and bring these criminals to justice (difficult because they come from abroad).
Related news
“You should never pay It is advice from all the police in the world. If we pay up, we financially endow these organizations and they could do many, many more attacks. The only way to stop this is for nobody to pay.” has defended.
In 2022, Catalonia received 68,000 activities related to cybercrime, most scams. Of the ‘ransonware’ type, like the one now suffered by the Clinic, there were about 600, 1% of the total.