Cyber Incident Victim: Centro Médico Virgen De La Caridad
Date:
Dec 2022
Location:
Spain
Summary
The Hive ransomware group claimed responsibility for encrypting a significant portion of a Spanish healthcare provider's systems, affecting its hospitals, polyclinics, and specialty clinics. The attackers asserted they encrypted 30-40% of the network, including two hospitals, and allegedly exfiltrated data, though no proof was initially available. The victim's website experienced temporary downtime but resumed operations without public acknowledgment of the incident; no service disruption notices were posted on official channels. The healthcare entity did not respond to the threat actors or external inquiries, leaving the breach unconfirmed due to the absence of corroborating evidence or victim disclosure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around December 21, 2022, the Hive ransomware group claimed responsibility for a cyberattack targeting Centro Médico Virgen De La Caridad, a healthcare provider operating two hospitals, 20 polyclinics, 23 physiotherapy clinics, 16 dental clinics, and specialized aesthetic and ophthalmological facilities across Murcia and Orihuela Costa, Spain. Hive listed the organization on its data leak site, asserting it had encrypted portions of the victim’s systems and exfiltrated data. The group’s spokesperson stated they encrypted 30-40% of the health system’s infrastructure, specifically citing the compromise of both hospitals. No communication occurred between Hive and the healthcare provider during or after the attack, according to the ransomware group. Initial attempts to access the medical center’s website following the alleged incident resulted in connection timeouts, though the site became reachable by January 2, 2023. The organization’s public-facing communications, including its Twitter account, showed no indication of service disruptions or security incidents, with its most recent social media post dated December 30, 2022.
Hive’s leak site entry referenced the presence of stolen data but did not publish a proof pack by the time of external reporting on January 2, 2023. The ransomware group maintained that the encryption occurred on December 21, aligning with their initial claim timeline. Centro Médico Virgen De La Caridad did not publicly acknowledge the incident, issue service disruption notices, or respond to media inquiries regarding the alleged breach as of the article’s publication date. The absence of confirmation from the healthcare provider and the lack of published exfiltrated data left the attack unverified pending further evidence. Operational impacts appeared limited to temporary website inaccessibility, with no documented disruptions to clinical services or patient care detailed in available sources. The incident remained under investigation by external cybersecurity observers awaiting additional corroboration from either the victim organization or leaked data disclosures.