Cyber Incident Victim: Fundación Arturo López Pérez
Date: Dec 2024
Location: Chile
Summary
A ransomware attack targeted Fundación Arturo López Pérez, disrupting its oncology institute's systems and causing intermittent operational failures across administrative and medical equipment. The malware compromised access to patient portals and online appointment scheduling, leading to service delays and appointment rescheduling, though in-person care continued without interruption. Internal communications instructed staff to disconnect any device on which they found a ransom note ("inc-readme.txt"), but the attackers had not established contact by the following Thursday. The institution's IT team worked to restore systems while advising caution to protect infrastructure and data, and the call center redirected inquiries to email because of the ongoing incident.
Description
The Fundación Arturo López Pérez (FALP), a Chilean oncology institute, experienced a cyberattack on December 10, 2024, when its cybersecurity team detected malware infiltration during the early morning hours. The malware caused significant operational disruptions across administrative and medical systems, leading to intermittent functionality that persisted for multiple days. Internal communications from FALP’s cybersecurity team on the day of the attack instructed staff to immediately disconnect from the network any device displaying a file named "inc-readme.txt", indicating ransomware involvement. The disruption delayed medical appointments and forced rescheduling of patient services, though the institution maintained uninterrupted in-person care through manual workarounds. Critical patient-facing systems were compromised, including the Mi FALP patient portal and the online appointment reservation platform, and the call center was still non-operational as of December 12, with inquiries redirected to email.

FALP’s IT teams initiated containment and recovery efforts immediately upon detection, prioritizing system security restoration while attempting to minimize clinical impacts. The attackers’ readme file contained instructions for restoring operations, but no direct communication had occurred between the hackers and FALP as of December 12. Operational challenges persisted through at least December 12, with staff relying on alternative procedures to sustain core cancer treatment services. The incident highlighted vulnerabilities in healthcare infrastructure, particularly the disruption risks that ransomware poses to systems holding essential patient data and supporting medical equipment functionality. Despite ongoing remediation efforts, system restoration remained incomplete during the initial three-day response period, with no public confirmation of data compromise or ransom demands at the time of reporting.
