Cybercriminals demand $4.5m ransom from Hospital Clínic

Authorities say they will not make payment as attack delays 300 surgeries and 11,000 outpatient visits 

A medical professional caring for patients taking manual notes, on March 7, 2023
A medical professional caring for patients taking manual notes, on March 7, 2023 / Hospital Clínic
Guifré Jordan

Guifré Jordan | @enGuifre | Barcelona

March 10, 2023 10:43 AM

March 10, 2023 11:27 AM

Ransom House cybercriminals have demanded a $4.5 million ransom from Barcelona's Hospital Clínic.

The public medical center was the victim of a ransomware attack detected on Sunday that has severely disrupted its normal activity and has forced professionals to take notes by hand this week.

In a press conference on Friday, the Catalan telecommunications secretary, Sergi Marcén, explained that those who perpetrated the attack have recently contacted them – yet, he made it clear that the Catalan government does not intend to pay this sum.

"There is no deal with them and the government will not pay a cent," he said.

"They have told us they have been able to access 4 terabytes of leaked data. We do not know which data it is yet."

Medical professionals working with papers at Hospital Clínic on March 7, 2023
Medical professionals working with paper notes at Hospital Clínic on March 7, 2023 / Hospital Clínic

Hospital Clínic's medical director, Antoni Castells, explained that over 300 surgeries and 11,000 outpatient visits have had to be delayed since Sunday due to the cyberattack, as well as 4,000 blood and urine tests.

At the moment, 90% of complex surgeries and 40% of the other surgeries are being carried out again in the hospital, as well as 70% of outpatient visits, but radiotherapy for cancer patients is still not. 

"We will see if we can resume the activity on Monday," said Castells, explaining that 25 patients receiving such treatment have been transferred to Hospital de Sant Pau, also in Barcelona.

He also explained that around 200 contingency computers are now working, which enabled the medical center to access some patients' medical histories, and the health department has provided the center with another 80 computers.

'Very high risk of data leak'

"There is a very high risk that this data is leaked and we are already working on a contingency plan," said Ramon Chacon, a senior official for the Catalan police, the Mossos d'Esquadra.

He said they are patrolling the internet and the dark web and will take prompt action to remove the data from any server as soon as it is published.

Chacon also backed authorities by saying that "when faced with such blackmail, one never has to pay because that would provide hackers with more funds" to perpetrate even larger-scale and more sophisticated attacks.

"If no one pays, there will be no attacks, they will not do all this work if they see they will get no money in exchange," he added, making it clear that the criminals' main aim is financial.

The police official said that the Mossos d'Esquadra also aim to identify and arrest the cybercriminals, but "it is usually very difficult to find them, they are seldom identifiable."

In 2022, 68,000 cybercrimes were perpetrated in Catalonia, and around 600 of them (1%) were ransomware attacks, according to the Mossos.