Patient data from Corbeil-Essonnes hospital starts being leaked by hackers

It was predictable, but no less serious: the cyber attackers of the Hospital Center of South Ile-de-France (CHSF), a structure that unites 27 medical institutions in Esson, published a sample of personal data, including data on the state of health. “We do not know the exact nature of the relevant data, nor the identity of all affected individuals,” the CHSF said in a Sept. 12 press release.

No malicious use

For now, the hospital says they are not aware of any “malicious use” of the stolen data. As a precautionary measure, he continues to advise patients, former patients, and former employees to be aware that “certain data about them has been exfiltrated and may be released at the end of the ultimatum.” Indeed, if the victim does not pay the $10 million ransom, the hackers are threatening to take a step up: release all the data and no longer be content with sampling.

The CHSF network was attacked on Sunday, August 21st. This attack rendered inaccessible all hospital business software, storage systems, in particular for medical images, and information system related to hospitalization of patients. Faced with the scale of the incident, the white plan worked – the crisis plan. Patients were redirected to other medical institutions. A complaint has been filed and the Center for Digital Crime (C3N) is currently investigating on behalf of the Paris prosecutor’s office.

No return to normal yet

Things have not yet been fully restored, as hackers block access to the information system until the ransom is paid. So, we can read on the CHSF website, people are advised to avoid going to the emergency room spontaneously. On the other hand, consultations and care scheduled in day hospitals remain insured.

The government responded to this cyber attack by announcing an additional budget of 20 million euros allocated to the National Information Systems Security Agency (Anssi). The goal is to increase support for health care facilities, which is clearly not enough given the criticality of the CHSF’s current situation. The latter, however, is recent: its discovery dates back to 2012.

Another point that needs to be clarified is insurance protection against cyber risks. In early September, a bill on internal affairs provides for the obligation of companies to file complaints in order to be able to receive compensation for the buyout. The idea is far from unanimous, because by agreeing to pay the ransom, the victims support the hackers’ business. Moreover, paying for it does not absolutely guarantee the recovery of encrypted data.

Back to top button

Adblock Detected

Please consider supporting us by disabling your ad blocker.