Interrupted activities in emergency care and surgery, redirecting patients: The Sud Francilien (CHSF) hospital center in Corbeil-Essonne, southeast of Paris, was the victim of a computer attack from Saturday night to Sunday around 1 a.m., according to the institution.
The $10 million ransom demand, worded in English, was requested by a hacker or hackers, a police source confirming RMC’s information told AFP.
On Sunday, the Essonne Hospital Center launched a “white plan” – an emergency plan to ensure continuity of care.
This attack renders “all hospital business software, storage systems (in particular, medical images) and information system related to hospitalization of patients “temporarily inaccessible,” the institution says in the message.
This degraded regime is forcing staff to return to “paper files and a pen” for already hospitalized patients, Medi Zegouf, deputy mayor of Évry-Courcuron and chair of the CHSF supervisory board, confirms to AFP.
“Some devices and systems are really broken, there will be deprogramming of actions and operations,” he adds.
“We can no longer register a single patient,” Frank Banisette, a spokesman for Sud Santé, testifies on the spot, adding that “only vital emergencies are handled.”
In emergencies, patients are invited to other facilities in the region and triage is carried out at the CHSF Emergency Department.
“This attack does not affect the operation and security of the hospital building,” the hospital center assured, specifying that “all networks remain operational (telephone, except for facsimile, automated distribution flows, etc.).”
Opened in 2012 and with a capacity of 1,000 beds, CHSF provides health care to nearly 600,000 outlying suburban residents.
– Net loss –
Health Minister François Brown called the attack on Twitter “untold” and said he expected legal action against the perpetrators.
The Paris prosecutor’s office announced the opening of an investigation into a computer system intrusion and extortion attempt by an organized gang controlled by the cybercrime department.
The investigation was entrusted to the gendarmes of the Center for Combating Digital Crime (C3N), the prosecutor’s office added.
He added that the National Information Systems Security and Defense Administration (Anssi) was “quickly taken over by the crisis unit.”
According to a close source, “a ransomware family has been identified.”
This cyberattack once again targets the hospital, a sector that has been hacked with ransomware for two years.
In 2021, Anssi recorded an average of one incident per week at a healthcare facility.
But French public hospitals cannot pay ransoms because of their status, and attacks on them are thus futile because cybercriminals will not receive any compensation, regardless of the damage caused.
Experts say cybercriminals either operate blindly, randomly targeting any computer system they manage to break into, or because they are inspired by examples of attacks on US hospitals, institutions often lacking the budget to pay ransoms.
To combat this growing phenomenon in the aftermath of the Covid-19 epidemic, the state has allocated 25 million euros for the cybersecurity of healthcare facilities.
At the same time, 135 hospitals have been designated as “essential service operators,” requiring them to comply with stricter cybersecurity rules than conventional facilities.