Cyberattacks are increasingly common, and no institution is immune to this type of scam. O University Hospital of USPbetter known as HU, was sued by ransomware on March 22nd. Since then, the systems have not been fully functional again, and care is restricted to urgencies and emergencies.
The University Hospital of USP is located on the university’s campus in the Butantã neighborhood, in the west zone of São Paulo (SP). It serves students, teachers and employees, in addition to serving as an emergency room for residents of the region.
A person linked to the HU sought the Technoblog on March 24 to report the situation. According to the information provided, the employees had been without the system for two days. The rumor going around among the hospital staff was that there was a demand for a ransom.
Without a system, orders started to be made on paper
In an internal email dated March 23, the HU Superintendence says that there was an “invasion of all systems”. The boss informed that the “formatting of all the computers” would be done progressively, and that the employees would need to change the login password.
Another internal document communicates that the collection of outpatient routine exams has been suspended. Those from the emergency room and inpatients continued. The orders and results, however, were recorded manually.
According to the source who reported the attack on Technoblog, another piece of information that ran internally was that all the computers’ HDs were encrypted by the hacker, who demanded a ransom in bitcoin — that is, it would really be ransomware. The priority was to re-establish the examination system.
O Technoblog confirmed the information with another person connected to the HU. According to her, a computer returned to function in her sector, but access to the system started to be done in a new shortcut, since the old one did not work. In addition, this second source confirmed that it was necessary to create new passwords and logins.
On Monday (27), scheduling appointments was still not possible, and internet access was down. She confirmed that, in order to continue with the operation of the hospital, many processes began to be done on paper.
HU is only attending urgencies and emergencies
After contacting the Technoblogthe press office of the University Hospital sent the following statement:
Due to the cyber attack that took place last week, outpatient and elective care was suspended and the Emergency Room was restricted to urgent and emergency cases.
So far, no data leakage has been detected. If any leakage is identified, the appropriate communications will be made.
The defense mechanisms against cyber attacks were activated and the system restoration is being done gradually.
To the metropolises, Walter Cintra Ferreira, director of the hospital, confirmed that this is a ransomware attack and that all machines are being formatted.
He further said that the hospital has not paid and will not pay the ransom demanded by the hackers. Backups are being recovered, but there is still no deadline to restore all systems.