The South Francilien Hospital Center (CHSF) of Corbeil-Essonnes, still under the influence of a cyberattack orchestrated on August 21 against its computer system, regretted on Tuesday "the exfiltration of personal data" including "health data" .
"In an act of claim and ultimatum, samples of stolen data were published on the attackers' site," the establishment announced in a statement sent to AFP.
The hospital, however, claimed not to have, at this stage, "knowledge of any malicious use" of this stolen data, with which the hackers are trying to blackmail them.
This hospital located south of Paris, which provides health coverage for nearly 700,000 inhabitants of the outer suburbs, was the victim of a cyberattack on August 21 with a ransom demand of 10 million dollars.
Anssi and CNIL seized
Its business software, its storage systems or the information system relating to patient admissions, had been made inaccessible.
The hospital then lodged a complaint and seized the National Commission for Computing and Liberties (CNIL).
The investigation, opened by the Paris prosecutor's office and entrusted to the gendarmes of the Center for the Fight against Digital Crime (C3N), is underway.
The National Authority for Security and Defense of Information Systems (Anssi) is also seized.
But “despite these measures and this reactivity, the hackers nevertheless managed to exfiltrate personal data, including health data”, lamented the hospital on Tuesday in its press release.
"At this stage, apart from the samples, we do not know the exact nature of the data concerned, nor the identity of all the people affected", he specified, referring to an "identification work" in progress and ensuring its "most total investment".
Once identified, these individuals will be notified, receiving “individual data breach notifications”.
A wave of cyberattacks
After the attack, the hospital, whose emergency room usually receives 230 people a day, launched an emergency plan called a "white plan" to ensure continuity of care.
It has been operating at half speed, but last Friday showed signs of progress.
Thus, teams are working on securing the information system.
“Access to emails” and “filtered access to the Internet” must soon be provided, the hospital explained on Friday.
A wave of cyberattacks has been targeting the French and European hospital sector for about two years.
In 2021, Anssi recorded an average of one incident per week in a health establishment in France.
Economy
Cyberattacks: Insurers authorized to reimburse ransoms paid by their customers
World
Montenegro victim of a cyberattack, France will help
Company
Paris
Ile-de-France
CNIL
Corbeil Essonnes
cyberattack
Hospital