What happens when a hospital suffers a ransomware attack and loses access to key data? The Rescueware project is now underway, aiming to develop solutions to protect systems and enable the rapid recovery of information – focusing on the healthcare sector.
When we talk about hospital cybersecurity, we are not just referring to file protection or data privacy; we are talking about human lives. INESC TEC has joined forces with InvisibleLab and the Unidade Local de Saúde do Alto Minho (which will serve as the project’s pilot unit) to test an innovative solution designed to protect systems and recover data in the event of ransomware attacks. The goal is to strengthen hospital operational continuity, safeguard sensitive clinical data, reduce the risk of service disruption, and lessen reliance on paying ransoms.
“In a hospital environment, where data is continuously updated and supports real-time clinical decisions, system unavailability can directly compromise the care provided. Ensuring the rapid and complete recovery of information is critical to maintaining service continuity and patient safety,” explained Francisco Cruz, founder of InvisibleLab and promoter of the project.
But what exactly is ransomware, and why is it so important to develop solutions to protect healthcare institutions?
Ransomware is a type of malicious software that, once it infiltrates computers, servers or networks, encrypts files or blocks access to systems. Attackers then demand a ransom payment to restore access to the data or to prevent the release of stolen information.
Portugal is not immune to this threat. In 2022, headlines were dominated by a ransomware attack on the Hospital Garcia de Horta, which disrupted normal operations, forcing the postponement of appointments and surgeries and redirecting patients to other hospitals in the region. Earlier, in 2019, the Fundação Champalimaud was also targeted, resulting in operational paralysis for around 44 to 48 hours. And these incidents are far from isolated.
As digital transformation advances, hospital systems have become highly dependent on digital infrastructures for clinical records, prescriptions, diagnostics and care coordination. This dependence – combined with the presence of highly sensitive clinical data and the pressure to restore services quickly – makes hospitals particularly attractive targets for cybercriminals.
In addition, many institutions rely on legacy technological infrastructures that are difficult to update. When an attack occurs, the consequences can be severe.
The impact goes far beyond financial cost.
“In a hospital setting, a ransomware attack can compromise continuity of care, information security and trust in institutions,” said Orlando Dantas, cybersecurity lead at ULSAM. “The participation of the Unidade Local de Saúde do Alto Minho, as the pilot unit in this project, reflects our commitment to improving digital resilience and protecting critical systems.”
In practical terms, the INESC TEC team will propose an innovative solution enabling the efficient and complete recovery of affected critical data, reducing service downtime. These results will be combined with tools for early detection of such attacks. Together, they will be developed into functional prototypes by the InvisibleLab team and tested in environments simulating digital infrastructures that support the healthcare sector, through the ULSAM partner.
“Solutions for detecting ransomware attacks are extremely important, but they may fail to identify them altogether or do so too late – after critical information has already been compromised,” explained João Paulo, the project’s PI at INESC TEC and a lecturer at the University of Minho. “It is essential to combine these solutions with mechanisms that allow for the efficient recovery of potentially compromised data, reducing significant financial losses for institutions – for example, by avoiding the need to pay ransoms,” he added.
What sets Rescueware apart from other initiatives in this field is precisely this integration of research, technological development and validation in a real hospital setting. With a duration of three years and co-funded by the European Union through the NORTE 2030 programme, the project also includes cyber hygiene training for healthcare professionals, promoting a comprehensive approach to digital resilience.
More information about the project is available at: https://rescueware.invisiblelab.dev/
News, current topics, curiosities and so much more about INESC TEC and its community!
