Sud-Francilien Hospital Center (CHSF) in September 2011 in Corbeil-Essonnes (AFP / Joël SAGET)
The computer attack against the Corbeil-Essonnes hospital in the Paris suburbs does not endanger the treatment of patients, but illustrates the increase in cyber attacks targeting Western health institutions.
“Patient treatment is not at risk”, indicated the Minister of Health, François Braun, on Tuesday during a visit to Montpellier, specifying that patients falling under “serious technical platforms” were “redirected by Samu to other hospitals”.
The same reassuring tone at the management level of the establishment, where the situation was the same as the day before: the work is done “by hand, without the help of computers”. “We are working in a degraded state, not for the patient, but for us,” she told AFP.
The South Francilien Hospital Center (CHSF) in Corbeil-Essonnes, southeast of Paris, has been the victim of a computer attack since the night between Saturday and Sunday around 01:00. A ransom demand of $10 million, worded in English, was demanded by the hacker(s).
“It is a cyber attack, which is unfortunately in all establishments, (…), which is regular, unfortunately. We will not give in”, assured Mr. Braun.
In recent years, the number of cyber attacks has increased significantly, and they no longer spare healthcare institutions, even if they are not necessarily a priority target.
In 2021, the National Authority for the Security and Defense of Information Systems (Anssi) recorded an average of one incident of this type per week in a healthcare institution in France.
“Hackers have particularly broad goals, they go fishing. It is basically the lure of profit that motivates them, although some may also have ideological motives, revenge,” the general told AFP. Christophe Husson, deputy commander of the Cyberspace Gendarmerie Command ( ComCyberGend), which recalls that the “global cost of cybercrime is estimated at $6 billion per year”.
– “digital evidence” –
For a long time, “many threat actors had an unspoken rule to leave hospitals alone”, emphasizes Fabien Rech from the American computer security company Trellix. “However, given the current worsening of relations between East and West countries and the fact that a number of ransomware operators are associated with countries in the former USSR, we suspect that Western hospitals were put back on the target list.”
The Paris prosecutor’s office announced on Monday that it had opened an investigation into the hacking of the computer system and attempted extortion by an organized gang overseen by its cybercrime unit. The investigations were entrusted to gendarmes from the Center for Combating Digital Crime.
According to a source close to the investigation, the ransomware belongs to the Lockbit group. About 100 subsidiaries participate in the group’s activities, according to an interview recently cited by cybersecurity specialist Damien Bancal on his blog Zataz.com.
This galaxy of specialists revolves around a software, a common platform that offers all the tools to carry out the attack. They cooperate with professional methods and share the ransom.
Lockbit is active worldwide (US, China, India, Indonesia, Ukraine, France, UK, Germany…) but seems to avoid attacking targets in Russia and CIS countries, probably “to avoid prosecution in these regions,” according to cybersecurity firm Kaspersky. At the time of the Russian offensive in Ukraine, Lockbit made it known that it was “apolitical” and did not seek to interfere in the conflict.
The aim of the cyber gendarmes’ investigation is to collect “digital evidence” to “identify the perpetrators, locate them and arrest them”. These investigations are “always very long, can last several months or even several years” and require significant international cooperation, General Husson warns.