Access to the Internet and to the computer system was cut off, workstations were disconnected from the network and all telephones were taken out of service except the emergency one.

The Villefranche-sur-Saône (Rhône) hospital has been in digital virtual quarantine since Monday, February 15 after a cyberattack.

It is the second French hospital to suffer this fate in a week.

The same scenario had occurred exactly seven days ago in Dax (Landes), cybercriminals having succeeded in partially paralyzing the functioning of the hospital establishment.

Urgency, a lever for pirates

In both cases, the attackers used ransomware, which is malicious software that blocks access to a part of the computer system.

The hospital is then ordered to pay a ransom to be able to return to normal.

In the meantime, the hospital is taken by the throat ... especially in this period of the Covid-19 pandemic.

With all-out digitization in hospitals, “the shutdown of servers leads to paralysis, to difficulty in taking charge, to deprogramming, sometimes to transfers of patients to nearby hospitals because there are that you can no longer do ”, explains Frédéric Valletoux, the president of the Hospital Federation of France (FHF), interviewed by Francetvinfo.

Nursing staff are no longer able to cope with the constant influx of new patients which has become their routine with the health crisis.

These attacks can even have fatal consequences.

In Germany, a critically ill patient died in September 2020 because the hospital where she was to be operated on had been paralyzed by ransomware and could not perform the necessary intervention.

This sense of urgency makes hospitals prime targets for cybercriminals.

“In a critical phase of crisis, like the one we are currently experiencing, any disruption in the functioning of the hospital must be repaired as quickly as possible, which gives more weight to demands for ransoms”, underlines Jean-Christophe Vittu, vice-president. president of engineering solutions Europe for CyberArk, an American cybersecurity company, contacted by France 24.

A situation that makes cybercriminals greedy.

Hospitals are ordered to pay “tens of thousands of euros, sometimes hundreds of thousands of euros”, specifies Frédéric Valletoux.

Very high amounts compared to the often limited resources of these public establishments.

But given the circumstances, they have “little choice”, confirms Jean-Christophe Vittu.

Daily intrusion attempts

Another advantage of the current crisis for hackers: IT teams in hospitals are less on the alert.

“They are already overwhelmed to keep information systems afloat in order to manage the immense amount of data generated by patient care and therefore do not have the head to update computer systems that have long been the poor relatives of budgets ”, summarizes Julien Billochon, technical expert for the cybersecurity company Cybereason, contacted by France 24.

Cybercriminals have also improved their arsenals to be more effective against these establishments.

In both Dax and Villefranche-sur-Saône, they used Ryuk, considered the ultimate in ransomware at the moment.

“Its advantage is its speed in encrypting all data.

It allows you to commit your package very quickly without leaving time to react ”, notes Jean-Christophe Vittu.

“It is also a very complete toolbox that allows to infiltrate very deeply into the target's computer system,” adds Julien Billochon.

And they don't hesitate to use this software.

The attacks are not limited to the few high profile cases in recent days.

“These establishments are under continuous pressure and intrusion attempts to install this malware are counted in the tens, even hundreds every day”, specifies the Cybereason specialist, who works with about sixty hospitals in France to limit the damage.

Fire on the health sector

And hospitals are just the trees that hide the forest from attacks on the health sector since the onset of the health crisis.

“Private clinics, rehabilitation centers, pharmaceutical laboratories and even health agencies are all targets for cybercriminals”, underlines Loïc Guezo, director of cybersecurity strategy for the company Proofpoint, and deputy secretary general of the Club de la French information security (Clusif), contacted by France 24. 

It can then be just as much ransomware attacks as cyber espionage - as against the European Medicines Agency in December 2020 - or attempts at computer sabotage.

Thus, again last December, a French pharmaceutical laboratory, which helps produce the German vaccine CureVac, had to shut down several sites after discovering a virus in its computer system.

The health crisis has “been indicative of the health sector's interest in cybercriminals.

Previously, it was just a nascent market for them, ”says Loïc Guezo.

For him, it's a safe bet that the ransomware attacks on hospitals are just one step in this campaign.

Subsequently, hackers could, for example, steal medical records “to blackmail patients,” he adds.

A prospect which makes all the more urgent the appeal of Frédéric Valletoux, the president of the FHF, who asks the authorities to include hospitals and healthcare establishments in “the targets to be protected at the first level” in order to make them benefit from additional resources and greater support to strengthen their defenses.  

The summary of the week

France 24 invites you to come back to the news that marked the week

I subscribe

Take international news everywhere with you!

Download the France 24 application