Hackers responsible for a cyber attack on the hospital center of southern Ile-de-France in Corbeil-Essonnes have begun to release the data, as the hospital refused to pay the requested ransom.–
The hackers carried out their threat. Data from the South Francilien Hospital Center (CHSF) in Corbeil-Essonnes, the victim of a cyber attack on August 21, is now online.
According to the specialized site Zataz, Lockbit 3.0 hackers have distributed more than 11 gigabytes of sensitive content. The hospital, located in Essonne, south of Paris, provides health coverage for nearly 700,000 suburban residents. The data in question “They seem to interest our users, our staff and our partners”the CHSF specifies Sunday in a press release. “Personalized patient medical records (CPR) and human resource management records were not compromised”continue the structure.
Only ten percent of the storage space would be affected. However, the data disclosed on the cyber attackers site is potentially “Some administrative data”including the social security number, e “Some health data such as examination reports and in particular external files of anatomocytopathology, radiology, analysis laboratories, doctors”He adds.
The Russian-speaking hacker group Lockbit had claimed responsibility for the attack and set an ultimatum for September 23 for the hospital to pay a ransom initially set at 10 million euros and then reduced to one million dollars. After the deadline, they released a series of data. According to Zataz, the hackers have now claimed to be in hospital “$ 2 million ($ 1 million to destroy stolen data and $ 1 million to restore access to information through their dedicated software)”.
Their approach has no chance of success. “From a strictly financial point of view for cybercriminals, the French public hospital is not a good ‘customer’ ‘: its financial means are limited and its payments must essentially be made to authorized suppliers, particularly during public procurement. This makes such payment nearly impossible. Furthermore, the doctrine of the state is to refuse to pay any ransom “, Cyber security specialist Nicolas Arpagian explained to Publication when the case broke.
An investigation was opened by the Paris prosecutor’s office and entrusted to the gendarmes of the Center for the fight against digital crime (C3N). The National Authority for the security and defense of information systems (Anssi) was also seized.
The activity of the CHSF had been greatly affected by the attack. A blank plan had to be enacted and patients were redirected to other hospitals. For about two years, a wave of cyber attacks has been targeting the French and European hospital sector. In 2021, Anssi recorded an average of one accident per week at a health facility in France.
–