French hospital hit in $10m cyberattack by “diabolical” ransomware hackers

French hospital hit in $10m cyberattack by “diabolical” ransomware hackers
A $10m ransom demand has been issued to a Paris hospital after a cyberattack crippled its digital systems.

By Ryan Morrison

A major hospital in France has been hit by a ransomware attack that has left it struggling to provide emergency services and left nurses handling patient data and prescriptions manually. Hackers have demanded $10m from the CHSF hospital in Corbeil-Essonnes, in south east Paris.

French hospital cyberattack
Staff at a French hospital are working with limited resources after a cyberattack (Photo by shapecharge/iStock)
A wide range of IT systems at the CHSF hospital were paralysed by the cyber attack, with unnamed hackers demanding $10m to unlock the systems and call off the attack, declaring it would release patient data if the demand isn’t met. Staff at the clinic are continuing to work with limited resources as a result of the breach.

The hacking group made its demands in English soon after the attack started late on Saturday night. The attack is being investigated by the Centre for Combating Digital Crime (C3N) a division of the gendarmerie.


Hospital director Gilles Calmes says they have no intention of paying the ransom. Speaking to France 24, he said: “You know the hospital would not pay, has not paid and will not pay this type of ransom.”

The hospital has a 1,000 bed capacity and covers a population of about 600,000 in the Ile de France region. It triggered a “white plan” emergency operation on Sunday following the start of the attack to ensure some health services could be maintained.

The attack reportedly hit all business software, storage systems including for medical imaging as well as IT systems linked to patient admissions. To combat that last aspect, nurses were admitting patients manually and handling other aspects of administration on paper.

“Each day we need to rewrite patients’ medications, all the prescriptions, the discharge prescriptions,” Valerie Caudwell, president of the medical commission of the CHSF hospital told France24. “For the nurses, instead of putting in all the patients’ data on the computer, they now need to file it manually from scratch.”

French hospital cyberattacks: serious consequences
This is just the latest cyberattack on French hospitals. In April GHT Coeur Grand Hospitals and Health Care group was disconnected from all internet connections after a cyberattack resulted in the theft of sensitive patient data.

Content from our partners
The growing cybersecurity threats facing retailers
The growing cybersecurity threats facing retailers
How to integrate security into IT operations
How to integrate security into IT operations
How Kodak evolved to tackle seismic changes in the print industry and embrace digital revolution
How Kodak evolved to tackle seismic changes in the print industry and embrace digital revolution
The GHT hospital network in Northeast France was hit in April and had to cut itself off from the internet to contain the problem and fix the flaw that allowed hackers into the system.

Data, insights and analysis delivered to you
VIEW ALL NEWSLETTERS
By The Tech Monitor team
Sign up to our newsletters
SIGN UP HERE
The month before, the Hospital de Castelluccio on the French island of Corsica was also hit by attackers who stole sensitive patient data and other documents. As well as the data theft, this attack impacted radiotherapy operations in the hospital’s oncology unit.

Cyberattacks targeting emergency service networks can have big implications. In 2020 a woman in Germany died after cybercriminals struck at a hospital. The systems at Dusseldorf University Clinic were taken offline, meaning the woman, an emergency admission, had to be taken to a clinic 20 miles away, resulting in an hour-long delay to what could have been life-saving treatment.

“There are multiple reasons why medical institutions are so attractive to cyberattackers,” Jonathan Cordwell, principal analyst in UK health and social care technology at business intelligence company GlobalData, told Tech Monitor last year.

“Even on an individual level, the range of identifiable information that a health record carries, in comparison to something like a credit card, makes it incredibly valuable on the black market, while the sensitivity of the information makes it potent for blackmail.”

Sam Curry, chief security officer at cybersecurity vendor Cybereason said the incident is evidence you can’t just “pay your way out of a ransomware attack”.

“Overall, attacks on hospitals are diabolical and the hackers carrying out these attacks are the worst form of human life,” Curry says. “They are soulless and gutless profiteers”

Curry argues ransomware attacks against healthcare institutions are widespread because decision makers tend to meet the demands of the hackers hoping the disruption will be limited or won’t occur. “My advice for all organisations is not to pay under any circumstance unless restoring operations is a matter of life and death,” he says. “In hospitals where urgent care and life saving care is being administered on a daily basis the decision not to pay can be an excruciating painful decision to make. “