Cyber Incident Victim: Hospital do Divino Espírito Santo
Date: Jun 2021
Location: Portugal
Summary
A cyberattack targeted Hospital do Divino Espírito Santo, disrupting operations and delaying COVID-19 test result notifications; positive cases were given priority while negative results faced significant backlogs. The intrusion compromised the hospital's computer network, prompting isolation of systems to keep the compromise from spreading to regional health services, activation of contingency plans, and temporary suspension of internal internet access. Services experienced increased wait times, reliance on paper-based processes, and delayed access to patient records, and system recovery required external technical intervention. This marked the second major IT disruption within a short period, though a connection between incidents remained unconfirmed; investigations highlighted systemic vulnerabilities potentially enabling both attacks.
Description
On or around June 21, 2021, the Hospital do Divino Espírito Santo (HDES) in Ponta Delgada, Azores, experienced a cyberattack, which hospital staff detected on June 24. The intrusion involved malware that compromised the hospital's computer network, prompting immediate containment protocols. HDES administrators isolated the internal network to keep the compromise from reaching regional health service systems and suspended all internal internet access. Regional government technicians joined recovery efforts because the attack's severity exceeded internal response capabilities. Under the contingency plans, services moved to paper-based workflows, which increased wait times across services, delayed access to patient records, and disrupted computerized operations. Hospital administrators publicly acknowledged the attack through a June 24 Facebook statement, noting that operational limitations would persist during restoration.

The attack significantly impacted COVID-19 test result notifications, with HDES prioritizing communication of positive results while delaying negative result disclosures due to system constraints. Azores Health Secretary Clélio Meneses confirmed these notification delays stemmed directly from the cyberattack's operational disruptions, emphasizing the hospital's focus on urgent positive case alerts. This marked HDES's second major computer system failure within a month, though investigators had not confirmed a connection between the incidents. Initial reports highlighted systemic vulnerabilities in hospital infrastructure that potentially facilitated both disruptions. Recovery operations continued with no confirmed timeline for full restoration, while external website accessibility and email responsiveness remained impaired at the time of reporting. The hospital appealed for public understanding regarding service limitations and staff workloads during the extended restoration period.
