Hospital Clínic de Barcelona suffered a ransomware attack on Sunday morning, severely disrupting its healthcare services after the facility’s virtual machines were targeted by the attacks.

The 819-bed hospital is based in Barcelona, ​​Spain, and serves more than half a million people seeking medical care and health services.

According to a statement released by the Government of Catalonia, the Clínic de Barcelona hospital suffered an attack by the RansomHouse ransomware operation.

RansomHouse launched in May 2022 as a data extortion market, claiming not to use ransomware in their attacks. However, they were soon linked to the WhiteRabbit ransomware encryptor and numerous ransomware attacks, including those on BoutiqueRiteeight municipalities in Italy, and ADATA.

The government statement also mentions that the cyberattack affected the emergency services of three medical centers associated with Clínic de Barcelona, ​​​​including CAP Casanova, CAP Borrell and CAP Les Corts.

“This is a cyberattack that occurred in virtualized environments. This is a sophisticated and complex attack that did not involve conventional techniques, indicating an evolution of the attacker,” mentions the Announcement from the Government of Catalonia (automatically translated).

“Work is underway to determine the extent of the damage and infiltration in coordination with Mossos d’Esquadra and Interpol.”

The hospital’s SAP system was unaffected, but all applications and communications remain down as work to restore critical systems continues. This means that patient information for doctors is out of reach and the situation is impacting healthcare services.

In addition, 800 urgent cases admitted to hospital on Sunday had to be treated manually, and therefore more slowly, so some cases were diverted to other hospitals in Barcelona.

Additional health assistants and administrative staff have been added to Clínic de Barcelona to minimize the impact and help establish communication between different departments.

The radiology, endoscopic examinations, radiological scanners, dialysis and outpatient pharmacy services will continue to operate normally.

Unfortunately, 150 elective operations scheduled for the next few weeks have been canceled and 3,000 appointments have been cancelled.

These urgent plans will remain in place for at least a few more days, while the time to return to normal operations is currently impossible to determine, according to Clínic Barcelona hospital director A. Castells.

As of this writing, data leak site RansomHouse has not leaked any data belonging to the Spanish hospital, but it may be too soon for the victim to appear on the threat actor’s site.

This same threat group had previously leaked data from the Kerlaty Healthcare Organization which was attacked in November 2022.