Corbeil-Essonnes hospital paralyzed by a cyberattack
The Sud Francilien Hospital Center (CHSF) in Corbeil-Essonnes, south-east of Paris, has been the victim of a computer attack since the night of Saturday to Sunday around 1 a.m., seriously disrupting its services and the management of emergencies, possibly for weeks, according to his direction.
A ransom demand of 10 million dollars, formulated in English, was demanded by the hacker or hackers, a police source told AFP, confirming information from RMC. The Essonne hospital center launched a “white plan” on Sunday, an emergency plan to ensure continuity of care.
“The IT specialists noticed a malfunction. They said to themselves that it was a breakdown (…) but when there was a ransom demand of 10 million dollars, they understood”, testifies the director from the hospital, Gilles Calmes.
The hospital’s business software, storage systems (including medical imaging) and the information system relating to patient admissions, have been made inaccessible according to management. Despite this degraded mode which requires the use of paper records, hospitalized patients are not affected, said management.
Opened in 2012 and with a capacity of a thousand beds, the CHSF provides health coverage for a population of nearly 600,000 inhabitants of the outer suburbs. “Since yesterday, the CHSF has made every effort to ensure that all urgent care is satisfied,” assures Mr. Calmes. But new admissions are complicated and emergency patients “are directly referred by the SAMU” to other establishments in the region. Deprogramming of the operating theater is to be feared, according to management.
I am closely following the situation at the South Francilien Hospital Center in Corbeil-Essonnes, affected by a #cyberattack. It is an unspeakable act, its authors will be prosecuted. Full support for the teams mobilized for the safety & continuity of patient care.
— François Braun (@FrcsBraun) August 22, 2022
The Minister of Health, François Braun, judged on Twitter the attack “unspeakable” and said he was waiting for legal action against the perpetrators. The Paris prosecutor’s office has announced the opening of an investigation for intrusion into the computer system and attempted extortion by an organized gang, supervised by its cybercrime section. The investigations were entrusted to the gendarmes of the Center for the Fight against Digital Crime (C3N), added the prosecution.
The National Authority for the Security and Defense of Information Systems (Anssi) was “quickly seized by the crisis unit”, he added. According to a close source, “a family of ransomware has been identified”.
“No establishment has paid and will not pay,” confirms the director of the CHSF to AFP, because of its status as a public establishment, the attack therefore being a pure loss for cybercriminals. “We also looked at what happened to colleagues. What we understood is that it can go up to a three-week unavailability,” he said.
A wave of cyberattacks has been targeting the French and European hospital sector for about two years. In 2021, Anssi recorded an average of one incident per week in a health establishment in France. Experts say cybercriminals either act blindly, randomly targeting any computer system they manage to break into, or because they are inspired by examples of attacks on US hospitals, institutions often deprived of the budget allowing them to pay ransoms.
“We block you, we prevent you from working, and if you want to work, you pay, we unblock you”, summarizes Cyrille Politi, digital adviser at the French Hospital Federation (FHF). “There is really a paradigm shift that has taken place in recent years (…) Before, hacker groups did not attack healthcare establishments. They considered hospitals to be a somewhat sacred place. C fell,” laments Mr. Politi.
To fight against this growing phenomenon, the State devoted, after the COVID-19 epidemic, an envelope of 25 million euros to the cybersecurity of health establishments. At the same time, 135 hospitals have been designated “essential service operators”, which requires them to comply with more stringent cybersecurity rules than ordinary institutions.
It is always my pleasure to provide insightful information on important topics and if you have learned something from my article then I thank you for taking the time to share it with your friends or family.
We put a lot of heart and invest a lot of time trying to bring you the most interesting articles.
You would encourage us to do it even better in the future. Thank you!