SAN JOSE — A ransomware attack paralyzed Costa Rica’s national hospital network’s electronic patient records system, forcing doctors at four major public hospitals to revert to paper-based charts and delaying surgeries at Hospital Mexico and Hospital San Juan de Dios in San Jose. The attack, attributed by government sources to the LockBit ransomware group, encrypted patient data across 12 hospitals in the Central Valley.
LockBit Demands $15 Million
Emergency departments remained operational but were forced to divert non-critical cases. The Ministry said no patient data had been exfiltrated, though cybersecurity firm SentinelOne said it had observed indicators that data had been copied before encryption. LockBit issued a 72-hour ransom demand reportedly exceeding $15 million in cryptocurrency. Costa Rica’s national health insurance fund, CCSS, said it would not negotiate with attackers.
Government Response
President Rodrigo Chaves declared a national cybersecurity emergency and convened an urgent session with the Ministry of Science, Innovation and Technology. The government said it was coordinating with FBI and Europol representatives in San Jose for forensic assistance. The attack is the second major cyber incident targeting Costa Rica’s public infrastructure in six months, following a breach at the national power authority in December that left 400,000 customers without electricity for 18 hours.
Health Workers React
Health workers’ unions called for emergency legislation to mandate offline backup systems for all public hospitals within 90 days. The national medical association said patient safety had been “directly jeopardized” and called the lack of cybersecurity investment “a systemic failure of the state.” International health organizations offered technical assistance, and the Pan American Health Organization said it was in contact with Costa Rica’s health ministry.
Written by Diego Vargas, Latin America Correspondent