Portugal: Cyberattack on Hospital do Divino Espírito Santo Impacting Notification of COVID-19 Test Results
The Hospital do Divino Espírito Santo de Ponta Delgada was hit with a cyberattack that was detected on June 24. As of today, the hospital is still working to recover from the attack while prioritizing notifying people who tested positive for COVID-19 in recent tests. Those who tested negative have experienced delays in notification.
In an update today, SAPO reports that Clélio Meneses, the Secretary of Health of the Government of the Azores, acknowledged that there were delays in the disclosure of negative tests for COVID-19 in the region due to the cyberattack. A translation of his statement reads:
“Our concern was to notify positive cases. There is work to be done to recover all those negatives that were not notified, due to impossibility. It wasn’t because of incompetence, it wasn’t because of ill will, it was because of the impossibility of proceeding with this notification”, said Clélio Meneses.
As of the time of this publication, the hospital’s web site could not be reached. Email to the hospital did not bounce back but was not immediately answered, and we have no information about the type of malware used in the attack or the scope of any encryption or exfiltration of data.
A statement from June 24 can be found on the hospital’s Facebook page. A Google translation, below, suggests that the attack started a few days before June 24 and the incident may or may not be linked to an earlier incident this past month:
Detected attempted external intrusion into the HDES computer system (cyberattack)
HDES computer network has been targeted in the last few days an external attempt at intrusion, often cyberattack, through the use of malware.
Given the seriousness of the attack, the HDES CA immediately triggered the protocol for situations of this kind, which went through isolating the internal computer network to avoid extensible damage to the Regional Health Service systems in general.
Contingency plans have been put in place, which means there may be increases in waiting time in certain services, delayed access to patients’ clinical information and the use of many other computer-based services that we take as acquired today.
Internal internet access has also been temporarily suspended.
Given the seriousness of the problem, which exceeded our internal capacity, it was necessary to intervene from regional government technicians, who are currently managing the rescue operations of the system.
We don’t know how long the limitations on services will be in force, but we ask that everyone adopt an even greater solidarity, given that the difficulty in carrying out certain tasks is expected to be increased, many of which need to be done again in paper.
We also ask our hospital users for understanding, as it is a situation that is at all uncontrollable at this time and will require extra effort from everyone.
It’s the second time in just 1 month HDES has been the subject of computer collapse, and we don’t know if both events are related. Still
The latest computer failure is being investigated, but the first reports have detected enormous fragility, almost incomprehensible situations where HDES has worked in recent years, and which may have facilitated both events.
The Administration of the Hospital of the Divine Holy Spirit remains to wait for the abovementioned constraints to be lifted with the restoration of normalcy, in good time, with the safety that wants for the computerized system of this Health Unit.
Reporting by Chum1ng0 and Dissent.