The Hospital Clínic de Barcelona suffers a cyberattack and deprograms visits and surgeries until it is resolved

An image of the facade of the Hospital Clínic de Barcelona.

/ Quique Garcia (EFE)Quique Garcia (EFE)

The Hospital Clínic de Barcelona suffered this Sunday, before noon, a cyberattack that affects the emergency services, the laboratory and the pharmacy.

The hospital has coordinated with the Emergency Medical Service (SEM) so that it does not transfer patients to the center and refer them to other hospitals in the city, although if they arrive on their own foot they are treated.

Tonight the center has reported that while the attack is not resolved, it deprograms surgeries and visits and radiotherapy sessions.

But it maintains hospitalization on the floors and the emergency room (except for stroke or heart attack codes, which will derive), in addition to the radiology service, endoscopic tests and dialysis.

During the day, the hospital center explained that many of the activities that are carried out with systems, such as inventory or records, must be done "by hand" but it has not specified whether the attack affects the data or medical records of the patients.

The general secretary of CC OO at the hospital, Àlex Duque, has indicated that it is unknown if cybercriminals have stolen patient data.

"[The attackers] They have closed the access doors and when the last one is opened it will be known if there is an affectation or not, if the records are encrypted or not," he warned.

For the medical and nursing staff, it has been a disconcerting day, of walking more than necessary, with systems that worked and others that did not;

histories to which they have had access and others to which they have not;

or only partially.

Neither has it affected all the plants in the same way, they have reported patients who came out of the emergency room or families who came to visit relatives.

Meanwhile, the hospital's public website is down and the center has only made one note on Twitter all day.

The #CLINIC has rebutted a tipus Ransomware cyberattack.

It affects laboratory, pharmacy and emergency services.

More information 👇 https://t.co/zuDtisSAVO

— Hospital CLINIC (@hospitalclinic) March 5, 2023

The Catalan Cybersecurity Agency was notified by the hospital at 11:17 this morning that it was the victim of a Ransomware-type cyberattack, an attack that encrypts the data of a system to later request a ransom in exchange for releasing it.

The center does not report for now what are the demands it has received to recover the data.

At 11:30 a.m., the deployment of the action plan to respond to the incident began, the Government has reported, which has channeled the two official communications of the day.

The health center has coordinated with Health and the other hospitals in the city so that they attend emergencies, medical transport and stroke codes.

Various sources explain that there was a first attack attempt on Friday night.

The relatives or patients who were leaving the hospital this afternoon recounted various situations: since they have not noticed any difference in the treatment of their relatives;

until nurses can't access patient records... or only in part.

In any case, hospital staff have been forced to make kilometers of corridors and stairs for consultations that they usually resolve in front of a screen.

"I have come due to severe cervical pain and they have been able to do X-rays, but the doctor has had to go to the radiology department to see them on the screen," explained José as he left the hospital with old prescriptions in hand, the green ones, and written by hand.

"Notifying families that their patients had undergone surgery and were going up to the floor has been a hassle, the staff went from one floor to another," Sheila related.

Rafael, on the other hand, visited his mother, who had stomach surgery, and he has not noticed any difference compared to other days.

And Elena Galdaba, came out to see her brother, in oncology, and she did report that the staff could not enter her history, or only partially: "The medication, yes, because they have it written down in the folder they carry with the clamp, but for go down to the blood bank [for a transfusion] they need the authorization of the doctor,

Attacks on the public sector increased by 150% in Catalonia in 2022

In October last year, three other Catalan hospitals belonging to the Comprehensive Health Consortium suffered a cyberattack that caused problems in the care network of at least three hospitals (Moisès Broggi, Dos de Maig and the L'Hospitalet Red Cross) and different outpatient clinics and residences, with Incidents in the use of various of their devices necessary for visits to specialists, such as X-rays.

Other Catalan administrations that have recently suffered computer attacks have been the Autonomous University of Barcelona (UAB) or the Barcelona Metropolitan Area (AMB, in March 2021).

In the case of the UAB, the attack, in October 2021, had consequences for the operation of the faculties that lasted for months: it knocked out 1,200 servers, 10,000 computers and affected more than 50,000 users, including teachers, students and service personnel.

The Government authorized a loan of almost 3.5 million euros from the contingency fund to help restore normality.

A report on cybersecurity in Catalonia in 2022 prepared by the Generalitat and dated last month, provides data on the increase in attacks and the lack of professionals in the sector.

The study states that computer attacks increased by 30% in 2022 compared to 2021 and that 74% have used social engineering tools, in which cybercriminals gain the trust of users.

The report indicates that computer attacks on the Catalan public service have increased by more than 150% compared to 2021 and that

it is the main cause of cyberattacks against administrations, with 35% of incidents published since 2019. The same document warns that despite the increase in professionals with knowledge of cybersecurity, it grew by 23% in 2022, 10,000 professionals are missing: 57 % of the needs of the sector (the gap between what exists and what is demanded by the market).

You can follow EL PAÍS Catalunya on