RansomHouse cybercriminals publish stolen Hospital Clínic data

Cyberattack on medical center detected in early March, preventing doctors from providing regular service

Medical professionals working with papers at Hospital Clínic on March 7, 2023 / Hospital Clínic

Catalan News | @catalannews | Barcelona

First published: March 30, 2023 11:26 AM

Latest update: March 30, 2023 08:07 PM

RansomHouse, the cybercriminal group behind the Hospital Clínic attack, have published sensitive data they obtained during the hack.

A cyberattack on the medical center was detected in early March, forcing the hospital's website to be shut down, and many elective surgeries and outpatient visits were unable to go ahead as planned.

After some weeks, Hospital Clínic returned to providing most of the scheduled services and appointments.

Catalan authorities vowed not to pay the $4.5 million ransom demanded by the cybercriminals group RansomHouse, and on Thursday, the group published the data they had stolen as part of the attack.

The medical director of Hospital Clínic, Antoni Castells, and officials from the Catalan Cybersecurity Agency gave a press conference explaining that data from patients, professionals, and providers was stolen.

Authorities explained that the information is available for free and for everyone that has enough knowledge to access the 'dark web.'

Meanwhile, the Catalan cybersecurity agency has already announced that they are expecting more data to be released in the upcoming weeks, as RansomHouse typically does. Hackers have announced they have 4.4 terabytes of data.

Tomàs Roy, director of the cybersecurity agency, even expects that all of the stolen information will get published in two months unless authorities pay the amount requested by the hackers.

One of the warnings Roy made during the press conference is the possibility that those people whose data has been stolen could receive emails or texts from hackers, and he recommended not to open any messages or external links coming from unknown senders.

"It is important always to check the sender's origin to avoid being hacked," Roy said.

Meanwhile, Catalan Mossos d'Esquadra police said that using or downloading any published data could incur a crime, as they have been obtained illegally.

In fact, law enforcement agents have successfully blocked two international servers used by criminals on two different continents, but as the data is hosted on the 'dark web,' it cannot be indexed and therefore, it is impossible to be erased.

Listen to the episode of our podcast, Filling the Sink, about the Hospital Clínic attack published on March 18 here.

Hospital Clinic ransomware cyberattacks