Cyber Incident Victim: Centro Hospitalar de Setúbal E.P.E.
Date:
Apr 2022
Location:
Portugal
Summary
A cyberattack disrupted the hospital's operations, forcing most clinical activities to proceed with contingency measures while external consultations were postponed for rescheduling. Patients requiring hospital-exclusive medications were instructed to present paper prescriptions at pharmaceutical services. All departments activated paper-based clinical record systems to maintain functionality. The institution urged the public to avoid non-essential visits to prevent emergency service overload and confirmed ongoing coordination with national cybersecurity authorities and law enforcement to restore affected servers. The hospital acknowledged service disruptions and committed to providing further updates as recovery efforts progressed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 26, 2022, Hospital Garcia de Orta (HGO) experienced a disruptive cyberattack that compromised its information systems during overnight hours. The incident forced the hospital to suspend outpatient consultation services while maintaining most other clinical operations. First-time patient appointments proceeded as scheduled, though follow-up consultations required postponement with commitments to rapid rescheduling. Pharmaceutical services implemented contingency measures, instructing patients reliant on hospital-dispensed medications to present physical prescriptions or medication packaging for verification during collection. Clinical workflows transitioned entirely to paper-based record-keeping across all departments as part of activated emergency protocols.
The hospital publicly appealed for reduced non-essential patient visits to alleviate strain on emergency services, citing operational constraints imposed by the cyberattack. Technical recovery efforts focused on restoring affected servers, with HGO collaborating continuously with Portugal's National Cybersecurity Center (CNCS) and Judicial Police throughout the incident. No restoration timeline was provided, though officials emphasized expedited remediation efforts. Service disruptions and workflow modifications caused significant patient inconvenience, acknowledged by hospital leadership through public apologies and requests for understanding. HGO committed to providing further situational updates pending developments in the recovery process.