Cyber Incident Victim: Hospital Universitario San José
Date:
Jun 2022
Location:
Spain
Summary
A ransomware attack targeted a hospital in Spain, identified as Hospital San Jose, involving the Snatch Team threat actor. The incident was part of a broader pattern of attacks on non-U.S. healthcare entities, including breaches in Argentina and Colombia by groups such as LockBit, Vice Society, and Conti. Despite potential obligations under regulations like the GDPR, there was no evidence of public notifications or disclosures to affected individuals following the attack. Data leaks were reported in connection with the incident, though specific details regarding compromised information or operational disruptions were not disclosed publicly. Investigations into the breach were noted, but outcomes or recovery efforts remained unclear.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In June 2022, Hospital San Jose in Spain experienced a ransomware attack attributed to the Snatch Team threat actor group. The incident occurred amid a broader global surge in healthcare ransomware attacks, with Sophos reporting a near-doubling of such incidents from 2020 to 2021. Attackers deployed ransomware that encrypted hospital systems and exfiltrated sensitive data, subsequently leaking stolen information online. This breach occurred alongside three other non-U.S. healthcare ransomware incidents affecting organizations in Argentina and Colombia during the same timeframe, though Hospital San Jose's case showed no evidence of public breach notifications despite potential GDPR obligations. The attack disrupted hospital operations, though specific details regarding the duration of downtime, affected clinical systems, or patient care impacts were not disclosed in available reports. DataBreaches.net documented the incident but found no indication that affected individuals received formal notifications about the compromise of their personal or medical information.
The hospital's response strategy and containment measures were not publicly detailed, leaving questions unanswered about whether ransom payments were made or data recovery attempts succeeded. Sophos' contemporaneous research indicated healthcare organizations that paid ransoms in 2021 recovered only 65% of their data on average, with merely 2% achieving full recovery, though Hospital San Jose's specific outcomes remain unconfirmed. No information emerged regarding forensic investigations, system restoration timelines, or coordination with Spanish data protection authorities. The absence of public disclosures contrasted with breach notification practices common in U.S. healthcare incidents, despite similar potential risks to patient privacy. DataBreaches.net solicited additional incident details and notification copies from potential victims, suggesting ongoing uncertainties about the attack's full scope and the hospital's compliance with data protection regulations.