The Center Hospitalier Sud Francilien (CHSF), a hospital southeast of Paris, has suffered a ransomware attack over the weekend. The attack disrupted the emergency services and surgeries and forced the hospital to refer patients to other structures.
According to local media, threat actors demand a $10 million ransom to provide the decryption key to restore encrypted data.
“This attack on the computer network of the establishment makes inaccessible for the time being all the hospital’s business software, the storage systems (in particular medical imaging) and the information system relating to patient admissions.” reads the announcement published by the CHSF. “
“In this context, a first measure came into force on Sunday August 21 in order to guarantee the safety of care. Patients whose care requires access to the technical platform are addressed within the network of public hospitals in Ile-de-France in conjunction with the Regional Health Agency and with the assistance of SAMU-SMUR 91. In the emergency room, patients who present spontaneously are assessed and then possibly referred to the CHSF’s Maison Médicale de Garde. Patients whose care requires access to the technical platform are transferred to another establishment.”
The security breach lead the staff to return to the “paper file and the pen” for the patients already hospitalized, confirmed the deputy mayor of Evry-Courcouronnes and president of the supervisory board of the CHSF, Medhy Zeghouf.
The Center Hospitalier Sud Francilien notified local authorities and the National Information Systems Security Agency (ANSSI).
The announcement states that the attack does not impact the operation and security of the hospital building, and all networks remain in operation (telephone with the exception of fax, automated distribution flows, etc.).
“an investigation for intrusion into the computer system and for attempted extortion in an organized gang has been opened to the cybercrime section of the Paris prosecutor’s office, said the latter, who specified that the investigations were entrusted to the gendarmes of the Center fight against digital crime (C3N).” reported the French Le Monde.
According to the French website LemagIT, a “source close to the investigation” confirmed that the attack was launched by an affiliate of LockBit 3.0 RaaS. LockBit gang has yet to clarify whether or not they consider this attack to be a violation of the rules applied to their affiliates.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Center Hospitalier Sud Francilien)
[adrotate banner=”5″]
[adrotate banner=”13″]
A critical vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and…
As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement…
Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals…
Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over…
A ransomware attack on a Swedish logistics company Skanlog severely impacted the country's liquor supply. …
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
This website uses cookies.