Ransomware Attack on French Hospital, Hackers Demand $10 million

The Center Hospitalier Sud Francilien (CHSF) in France was hit by a ransomware attack on Sunday. The hackers asked for a ransom of $10 million. The cyberattack on the systems of the French hospital took place around 1 A.M. halting access to the establishment’s services. Several patients were shifted to nearby hospitals following the attack.

Critical data inaccessible

The cyberattack on the hospital impacted several departments including the business software, storage systems and the information system that contained data related to the patient’s admissions. Details related to the patients’ medical imaging were also rendered inaccessible to the hospital staff.

The crisis unit of CHSF quickly alerted the National Information Systems Security Agency (ANSSI). The ANSSI or Agence nationale de la sécurité des systèmes d’information is the French national agency for the security of information systems. Experts from the ANSSI are investigating the ransomware attack on CHSF.

Talking about the incident, Matthieu Garin, a cybersecurity expert at Wavestone told France 24, “They (attackers) think that it will be easy to get the money from the ransom because the impact can be quite massive. Blocking emergency or imagery equipment can sometimes be a matter of life or death. And there is also the threat of leaking patient data on a massive scale. All those factors make targeting hospitals, and the healthcare industry in general, a very attractive venture for cybercriminals.”

Timely care offered to patients

Post the attack, support was immediately made available to the patients. The network of public hospitals was used for patients in need of help from its technology platform. This facility was provided by Ile-de-France. The Regional Health Agency and SAMU-SMUR 91, which provide a number of services and treatments to patients, also came forward to help CHSF with treating the patients to prevent any disruption to the treatment.

CHSF maintains services

Addressing the incident on their official website, CHSF said, “Each patient concerned will be individually informed of a possible deprogramming and the follow-up planned to ensure continuity of care with the help of hospitals in our region.” The statement affirmed that the cyberattack would not affect the operations or the security of CHSF.

Post the ransomware attack, patient records like their medications, prescriptions, and discharge-related information are being filled manually. Valerie Caudwell, the president of the medical commission of CHSF in Corbeil-Essonne told France 24, “For the nurses, instead of putting in all the patient’s data on the computer, they now need to file it manually from scratch,”.

Though the hackers have demanded 10 million, the hospital’s director, Gilles Calmes told the news website that the hospital “would not pay, has not paid and will not pay this type of ransom.”