The Center Hospitalier Sud Francilien (CHSF), a hospital southeast of Paris, has suffered a ransomware attack over the weekend. The attack disrupted the emergency services and surgeries and forced the hospital to refer patients to other structures.
According to local media, threat actors demand a $10 million ransom to provide the decryption key to restore encrypted data.
“This attack on the computer network of the establishment makes inaccessible for the time being all the hospital’s business software, the storage systems (in particular medical imaging) and the information system relating to patient admissions.” reads the announcement published by the CHSF. “
“In this context, a first measure came into force on Sunday August 21 in order to guarantee the safety of care. Patients whose care requires access to the technical platform are addressed within the network of public hospitals in Ile-de-France in conjunction with the Regional Health Agency and with the assistance of SAMU-SMUR 91. In the emergency room, patients who present spontaneously are assessed and then possibly referred to the CHSF’s Maison Médicale de Garde. Patients whose care requires access to the technical platform are transferred to another establishment.”
The security breach lead the staff to return to the “paper file and the pen” for the patients already hospitalized, confirmed the deputy mayor of Evry-Courcouronnes and president of the supervisory board of the CHSF, Medhy Zeghouf.
The Center Hospitalier Sud Francilien notified local authorities and the National Information Systems Security Agency (ANSSI).
The announcement states that the attack does not impact the operation and security of the hospital building, and all networks remain in operation (telephone with the exception of fax, automated distribution flows, etc.).
“an investigation for intrusion into the computer system and for attempted extortion in an organized gang has been opened to the cybercrime section of the Paris prosecutor’s office, said the latter, who specified that the investigations were entrusted to the gendarmes of the Center fight against digital crime (C3N).” reported the French Le Monde.
According to the French website LemagIT, a “source close to the investigation” confirmed that the attack was launched by an affiliate of LockBit 3.0 RaaS. LockBit gang has yet to clarify whether or not they consider this attack to be a violation of the rules applied to their affiliates.
(SecurityAffairs – hacking, Center Hospitalier Sud Francilien)