EMMANUEL DUNAND / AFP
The Sud Francilien hospital in Corbeil-Essonnes is the victim of a cyber attack from the night between Saturday 20 September and Sunday 21 September.
CYBER ATTACK – After more than a month of cyberattack, the hacker group that orchestrated the cyberattack on the Corbeil-Essonnes Southern Ile-de-France hospital (CHSF), began to release the data on Friday. refusing to pay the hospital ransom note, we learned this Sunday, September 25 from a source close to the file.
The hackers had set an ultimatum for the hospital to pay the ransom on September 23. After the deadline, they released a series of data, added the expert source of the matter, confirming information from the specialized site Zataz. “They seem to interest our users, our staff and our partners”the CHSF announced Sunday in a press release sent to AFP.
Among the data disseminated on the site are potentially cyberattackers “Some administrative data”including the social security number, e “some health data such as examination reports and in particular external files of anatomocytopathology, radiology, analysis laboratories, doctors”specifies the establishment.
“The corporate databases of the CHSF, which include personalized medical records (DPI) and files related to human resources management, have not been compromised”adds Essonne hospital in its press release. “The attack appears to have been limited to virtual servers and only a portion of the CHSF storage space (approximately 10%)”he also explains.
According to ZatazLockbit 3.0 hackers have released more than 11 gigabytes of sensitive content. “This is a double extortion, which consists in infiltrating part of the stolen data to put pressure on the victims. It’s a classic”explained a cyberspace specialist.
Personal and health data exfiltrated
The hospital located south of Paris, which provides health coverage to nearly 700,000 inhabitants of the outer suburbs, was the victim of a cyber attack on 21 August with a ransom note of 10 million dollars.
The ransom would then be reduced to $ 1 million, according to several agreeing sources. According to Zataz, the hackers have now claimed to be in hospital “$ 2 million ($ 1 million to destroy stolen data and $ 1 million to restore access to information through their dedicated software)”.
The hospital then filed a complaint and seized the National Commission for Informatics and Freedoms (CNIL). The investigation is underway, opened by the Paris prosecutor’s office and entrusted to the gendarmes of the Center for the fight against digital crime (C3N). The National Authority for the security and defense of information systems (Anssi) was also seized.
More “Despite these measures and this reactivity, the hackers still managed to exfiltrate personal data, including health data” the hospital complained in mid-September in a press release.
After the attack, the hospital, whose emergencies usually receive 230 people a day, had launched a so-called emergency plan “White floor” to ensure continuity of care.
These waves of cyberattacks have been targeting the French and European hospital sector for about two years. In 2021, Anssi recorded an average of one accident per week at a health facility in France.
See also on The HuffPost: