
Cyber Incident Victim: Hospital dos Marmeleiros

Date: Aug 2023

Location: Portugal

Summary

A cyberattack deliberately targeted the Hospital dos Marmeleiros, severely disrupting the normal functioning of the Regional Health Service. The attack compromised some areas and prevented access to clinical data. A gradual, prioritized restoration process is underway to provide computer equipment with clinical data access to hospitals and health centers, beginning with facilities offering urgent care services. Users are advised to bring any medical information they possess when visiting a health unit.


Description

A cyber incident occurred at Hospital dos Marmeleiros on or around August 6th, 2023. It was a deliberate and malicious attack designed to cause damage and disrupt the normal functioning of the Regional Health Service of the Autonomous Region of Madeira (SESARAM). The attack had a significant impact on the internal operations of SESARAM, compromising several key functional areas within its healthcare system. The attackers' primary objective was to inflict harm and create operational chaos rather than to pursue a more conventional goal such as financial gain through extortion, as no such demands are mentioned in the available information. The immediate consequence was a severe degradation of computer systems and of access to critical clinical data, which is the lifeblood of any modern healthcare provider for delivering safe and effective patient care.


In the aftermath of the attack, SESARAM initiated a large-scale and methodical recovery process to restore access to its digital systems and clinical information. This process was described as gradual and was conducted within the constraints of what was technically possible following such a severe security breach. The restoration work was prioritized to ensure that the most critical services received attention first. The initial focus was on health centers that provided Urgent Care Services, as these facilities handle acute and emergency medical situations where immediate access to patient histories, medications, and allergies is paramount for preventing medical errors and saving lives. Following the stabilization of these urgent care locations, the recovery process was then systematically extended to other clinical areas and hospitals within the SESARAM network.

The first health unit to achieve full and complete access to its clinical data following the cyberattack was the Health Center of Porto Santo. This marked an early and significant milestone in the broader recovery effort, demonstrating that progress was being made. The successful restoration at this facility served as a model for the subsequent work required at larger and more complex sites like Hospital dos Marmeleiros. For Hospital dos Marmeleiros itself, progressive access to clinical data was being established. This meant that medical professionals were gradually regaining the ability to retrieve patient records, though the system-wide functionality was not yet fully restored to its pre-attack state. This gradual return of access was crucial for clinicians to resume more normal workflows and provide care based on complete patient information rather than relying solely on fragmented or physical records.

To mitigate the risks associated with the lack of immediate digital access to patient information, SESARAM issued two specific appeals to the public. The first appeal was directed at users who were planning to visit any SESARAM health unit. These individuals were strongly urged to bring with them any personal health information they had in their possession. This included physical copies of recent test results, lists of current medications, known allergy information, and details of past medical procedures. This measure was essential to bridge the information gap created by the inaccessible electronic health records, allowing healthcare providers to make informed decisions and avoid potential adverse drug interactions or other treatment errors based on incomplete data.

The second appeal was targeted at users who utilized the mobile application of the SNS, the national health service. These users were asked to provide healthcare professionals with access to the prescription information available through that application. The SNS mobile app typically allows citizens to view their medication prescriptions digitally, and by sharing this screen with their doctor or pharmacist, they could facilitate the accurate continuation of their treatment regimens. This creative workaround highlights the extent to which the healthcare system was forced to rely on alternative, patient-mediated methods to ensure continuity of care during the IT system outage caused by the cyberattack.

Furthermore, a comprehensive testing program for both healthcare professionals and users was implemented at the Dr. Nélio Mendonça Hospital. The nature of this testing is not explicitly detailed, but given the context of a cyberattack and the mention of an unrelated mange outbreak in the same facility, it could pertain to COVID-19 screening or other health checks to manage patient flow and safety amid the operational disruption. At the Hospital dos Marmeleiros and the Dr. João de Almada facility, this testing was reported as already being underway. SESARAM also acknowledged the existence of disease transmission risks within its facilities, a statement that, while potentially related to the separate mange outbreak, underscores the additional public health challenges that can be exacerbated by a primary incident like a cyberattack that strains institutional resources and protocols.

The incident forced the health service to issue guidance on where patients should seek care, directing those in need to go to health centers and hospitals. This suggests that the cyberattack may have disrupted appointment systems, internal scheduling, or the ability to handle patient volumes efficiently, necessitating clear public communication to manage demand and direct patients to operational facilities. The attack profoundly affected the day-to-day functioning of SESARAM, creating a scenario where manual processes and patient-carried information became temporarily essential tools for maintaining healthcare delivery. The prolonged recovery effort, evidenced by the gradual and prioritized restoration of system access, indicates a severe compromise of the IT infrastructure that required significant time and technical resources to remediate. The event serves as a stark example of how cyber threats can directly impact critical public infrastructure, moving beyond financial or data theft to directly impinge on the physical well-being and safety of a community by disrupting essential healthcare services.
