Cyber Incident Victim: Hospital Garcia de Orta
Date: Apr 2022
Location: Portugal
Summary
A cyberattack targeted Hospital Garcia de Orta, disrupting operations but allowing most clinical activities to continue except for external consultations, which required rescheduling. Contingency plans activated paper-based clinical records, and patients needing hospital-dispensed medication were instructed to visit pharmaceutical services with physical prescriptions. The hospital urged the public to avoid non-essential visits to prevent emergency department overload while collaborating with national cybersecurity authorities and law enforcement to restore affected servers. Efforts focused on minimizing patient impact, though disruptions persisted until normal operations could resume.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 26, 2022, Hospital Garcia de Orta (HGO) experienced a cyberattack during the early morning hours, disrupting its information systems. The hospital maintained most clinical operations that day but suspended all external consultations. First-time patient appointments proceeded as scheduled, while follow-up consultations were postponed for rescheduling at the earliest opportunity. Patients requiring hospital-exclusive medications were instructed to visit pharmaceutical services with physical prescriptions or medication packaging to facilitate dispensing. All clinical departments activated paper-based contingency protocols to preserve patient record continuity during the system outage. Hospital administration urged the public to avoid non-essential visits to prevent emergency department overcrowding caused by the technical limitations.

HGO immediately engaged Portugal's National Cybersecurity Center (CNCS) and Judiciary Police to investigate the incident and coordinate remediation efforts. Technical teams prioritized restoring affected servers while clinical staff adhered to manual documentation procedures using physical records. The hospital acknowledged service disruptions and apologized for patient inconveniences while emphasizing ongoing recovery efforts. No ransomware specifics, data compromise details, or attacker attribution were disclosed in the initial statement. HGO committed to providing further updates if warranted by developments in the restoration process or investigative findings.
