In an episode of The Good Doctor, the fictional St. Bonaventure Hospital in San Jose, California, suffers a cyberattack. A single computer scientist faces the challenge of restoring the system, with the mystery of whether he will be able to do it in 24 hours, before having to pay a ransom. Pure fiction. Between 150 and 200 people participate daily, including weekends, in the recovery of the Clínic hospital, attacked on March 5.
David Font, director of Strategy for the center, is the one who alludes to the American series in a meeting of members of the crisis committee of the Barcelona hospital with La Vanguardia to update the situation after one of the most critical moments in the history of the center.
In addition to Font, there are Antoni Castells, medical director; Gemma Martínez, nursing director; David Vidal, Director of Information Systems; Marc Roda, head of the Legal Services area, and two members of the communication team: Xavier Francàs, the head, and his deputy, Rai Barba.
There are no bad faces among the group. Fifty-four days after the debacle caused by the RansomHouse hackers, the technicians have managed to restore 59% of the computer building, enough for healthcare activity to resume normality and the tension of the 8,000 professionals linked to the hospital. have returned to normal levels.
Although the criminals persist in their blackmail and on Thursday they released, for the third time, a consignment of stolen data of between 5 and 6 gigabytes, they are not going to get paid. “We are a public institution and we do not even consider the possibility of paying a ransom,” says Roda.
In the three publications made, the attackers have disseminated data of thousands of people. In most cases only name and surname appear, in others the DNI may also appear, and little else. This is unstructured data, without order, contained in folders handled by hospital staff. The clinical history of the patients is not included, nor is the data contained in the care system or the human and economic resources system.
All the people who appear in the information disseminated by the assailants have received a personal notification from the hospital. "We are not aware that the dissemination of personal data has caused any real damage," Roda remarks. The hospital has not received claims from possible affected parties; on the contrary, more of a wave of solidarity like when people went out to the balconies to applaud the toilets during the confinement.
Because the chaos caused by pirates is comparable to that caused by SARS-CoV-2. “All the best has come out of the hospital as happened with the covid. The first 72 hours were very intense. Values such as solidarity, gratitude, solidarity, respect, have come out again On Thursday (the 4th), people were thankful that we had not canceled the visits and acknowledging that an effort was being made” recalls Castells.
“If in the covid –he continues- one of the worst things experienced in the hospital was uncertainty, in this crisis the worst thing was probably the lack of communication. The telephone switchboard did not work. The feeling of isolation was worrying. With the covid we learned that to get ahead it is essential to align the institution, for messages to flow and for everyone to do what they have to do, without discordant notes or hoaxes. Here we found that this, the internal communication element, so important, was very difficult”.
In the absence of computers, they began to distribute pens”, intervenes Gemma Martínez. “We have returned to the Bic four colors”, she said to herself around the house ”. The hospital went back 30 years. "Generations of residents over the years when they saw paper petition forms didn't know what it was." At that time, the veteran doctors and nurses, those who at the time transitioned from the analog world, stuck out their chests to educate the young digital natives.
"The pharmacists shit again on the doctor's handwriting, something that hasn't happened for a long time!" exclaims the medical director to the laughter of those gathered in a small room on the top floor. They did not smile so much in the week of March 5, when the hospital pharmacists did not know how to find the medicines for the 800 admitted patients, since they are stored in computerized cabinets.
It was the first moment of panic. Suddenly, the prescription of the medicines of the hospitalized patients became inaccessible. The same Sunday of the attack, a specific contingency plan was applied for this situation. On Monday, the hospital realized that it had been cut off from the rest of the world. Without email, without a website, without an intranet, without the contact details of the patients who had to go to see each other.
And he decided to resort to the help of the media and the Government website to contact the patients of external visits and analytical: Do not come, we will call you when we can. Hundreds, thousands of performances were suspended in the first days. Nearly two months later, virtually all arrears have been recovered.
It was real chaos. And it could have been much worse, warns David Vidal, if the hospital had not been well prepared. The center's server structure prevented criminals from breaking into the SAP, he explains. On the other hand, the experts do not have a clear explanation of why the criminals did not break the copy system. Why couldn't they? Why did the manuals they use not include attacking the SAP or the security system?
In less than three days, the technicians managed to reinstall the machine that controls the backup copies. “There was a catalog of copies to be able to access and start recovering. The copies have guaranteed us no loss of data. Without backup copies, either we paid or we had to start from scratch”, points out the director of Information Systems.
Damages, therefore, quite limited in spite of everything. The hospital works with a 12-week calendar, which expires at the end of May, for the total recovery of the 250 different information systems, 250!, that manage its activity. From the care system to the economic one, going through the one that orders the laboratory or those that are used in endoscopies, electrocardiographies, the one that gives the consultation turn, the one that opens the doors with the fingerprint... Everyone, they have to restore all.
Is there anything good about surviving an intrusion that experts consider highly sophisticated? “A lot of knowledge has been generated from this,” says Antoni Castells. “We have learned live and direct how to build a hospital after a cyberattack and this knowledge has made us stronger. Now we have to be able to make it available to everyone.”
