Posted September 14, 2022 at 7:35 am
On 21 August, the Sud Francilien Hospital was the victim of a cyber attack with a ransom demand – © Getty Images
–
The South Francilien Hospital Center (CHSF) in Corbeil-Essonnes has been under attack since 21 August. After an initial ransom note, hackers are now stealing patients’ personal data.
–
–
The management of the South Francilien Hospital Center (CHSF) admitted Tuesday that it had suffered “the exfiltration of personal data”, including “health data”, as part of the cyber attack that hit the hospital since mid-August. “In an act of vindication and ultimatum, samples of stolen data were posted on the attackers’ website,” the establishment announced.
The hospital, however, said it had “no knowledge of any malicious use” of this stolen data at this stage, with which hackers are trying to blackmail it.
This hospital located south of Paris, which provides health coverage to nearly 700,000 suburban residents, was the victim of a cyber attack on August 21 with a $ 10 million ransom note.
Its corporate software, its filing systems or even the information system relating to patient admissions had been made inaccessible.
The hospital then filed a complaint and seized National Commission for Informatics and Freedoms (CNIL). The investigation is underway, opened by the Paris prosecutor’s office and entrusted to the gendarmes of the Center for the fight against digital crime (C3N). The National Authority for the security and defense of information systems (Anssi) was also seized.
White plane
But “despite these measures and this reactivity, the hackers still managed to exfiltrate personal data, including health data,” the hospital lamented in a news release Tuesday. “At this stage, apart from the samples, we do not know the exact nature of the data in question, nor the identity of all those affected,” he said, referring to an ongoing “identification work” and guaranteeing its “more total investment “.
Once identified, these subjects will be notified, receiving “notifications of violation of personal data”. After the attack, the hospital, whose emergency room usually receives 230 people a day, launched an emergency plan called a “white plan” to ensure continuity of care. It ran at half speed, but last Friday it showed signs of progress.
Therefore, the teams are working to secure the information system. “Access to e-mails” and “filtered access to the Internet” must soon be provided, the hospital explained on Friday.
For about two years, a wave of cyber attacks has been targeting the French and European hospital sector. In 2021, Anssi recorded an average of one accident per week at a health facility in France.
–
