The RansomHouse group, which carried out a severe and sophisticated cyberattack on the Clínic de Barcelona hospital on March 5, has once again released part of the stolen data. It is the third data leak by the cybercriminals, and it comes at a time when the health center has recovered practically all of the damaged systems.

Clínic sources say that specialists are still studying what type of data has been published in this third batch. The first release took place on March 30, after the hackers demanded a $4.5 million ransom in exchange for restoring the systems and returning the stolen information.

As a means of pressure, on April 16 there was a new dump of part of the 4.5 gigabytes of data stolen in total. This batch included an Excel document with at least dozens of usernames and passwords for accessing clinical trials, results and diagnostic images.

In addition, the hackers published digitized signatures of doctors together with their names and their professional (collegiate) registration numbers, information that could be used to falsify prescriptions, as well as recordings of Zoom meetings held by different hospital teams.

The hospital and the Agència Catalana de Ciberseguretat continue to work in coordination, as they have done since the cyberattack occurred. They point out that “the total or partial publication of the data is a crime”. In the two previous installments, the attackers used different methods to spread the information.

This third installment occurs almost exactly four months after the attack that caused not only the theft of data from patients and hospital workers, but also a very serious impact on hospital activity that lasted for weeks, even months.

The day after the RansomHouse intrusion, the Clínic had to perform 150 surgeries and cancel between 2,000 and 3,000 outpatient visits. In addition, it could not carry out the extractions scheduled for that day, more than 300. The radiotherapy service, whose equipment is connected to the hospital’s computer system, was out of service for weeks, and its patients had to be treated in other hospitals.

The hackers took more than three weeks to publish what in slang is called a “life certificate”: proof that they were in possession of the stolen data, so that they could proceed to extort money from the victim.

It was three in the morning on March 30 when the central computer crime unit of the Mossos d’Esquadra detected the first leak. The attackers had published a link on their Telegram channel that led to the hacked information accompanied by the text: “We have added another to our list. Meet the Hospital Clínic de Barcelona.”

It was a volume of information between 3 and 4 gigabytes, one thousandth of the total theft. “These are personal data of patients, professionals, collaborators and providers of the hospital”, specified the medical director, Antoni Castells.

The folders and files contained administrative documents, analysis results or clinical histories, with the names of patients and employees, as well as email messages between hospital staff and other centers or laboratories.