William Molinié, edited by Solène Leroux with AFP 5:44 p.m., August 22, 2022

Since Sunday, the Sud Francilien Hospital Center in Corbeil-Essonnes, south-east of Paris, has been the victim of a computer attack.

According to information from Europe 1, in addition to the ransom demand of ten million dollars, there are threats of disclosure of private data concerning medical personnel and patients.

Disrupted activity in emergencies and surgery, redirected patients: the Sud Francilien Hospital Center (CHSF) in Corbeil-Essonnes, south-east of Paris, has been the victim of a computer attack since the night of Saturday to Sunday around 2 a.m., according to information from the police-justice service of Europe 1. A ransom demand of ten million dollars, formulated in English, was demanded by the hacker (s), a police source told AFP, confirming information from RMC .

The Essonne hospital center launched a "white plan" on Sunday, an emergency plan to ensure continuity of care.

This attack makes "for the time being inaccessible all the hospital's business software, the storage systems (in particular medical imaging) and the information system relating to patient admissions", indicates the establishment in a communicated.

According to our information, there are threats of disclosure of private data concerning medical personnel and patients. 

No patient transported or moved

The degraded mode obliges the staff to return to the "paper file and the pen" for the patients already hospitalized, confirms to AFP Medhy Zeghouf, deputy mayor of Évry-Courcouronnes and president of the supervisory board of the CHSF.

“Some devices and systems are indeed disturbed, there will be deprogramming of acts and operations,” he adds. 

“We can no longer register a single patient”, testifies on the spot Franck Banizette, union representative Sud Santé adding that “only vital emergencies are taken care of”.

For relative emergencies, patients are invited to go to other establishments in the region and triage is underway at the CHSF emergency room.

According to information from Europe 1, the reception of emergencies and outpatient consultations has been stopped.

There is currently no impact on hospitalized patients, and no patients have been transported or moved.

>> READ ALSO -

 Why hospitals are the new favorite target of cyberattacks

Malfunctions observed in doctors' "beepers"

"This attack does not impact the operation and security of the hospital building", reassures the hospital center which specifies that "all networks remain in operation (telephone with the exception of fax, automated distribution flows, etc.)."

According to sources close to the investigation, contacted by Europe 1, if there was no problem on the fixed telephony within the hospital, the attack resulted in malfunctions observed on the use internal mobile telephony and in particular the famous "beepers" of doctors.

A police crew was deployed on the spot to prevent any possible trouble linked to the media coverage of the case.

Opened in 2012 and with a capacity of a thousand beds, the CHSF provides health coverage for a population of nearly 600,000 inhabitants of the outer suburbs.

The Minister of Health, François Braun, judged the attack on Twitter as "unspeakable" and said he was waiting for legal action against the perpetrators. 

I am closely following the situation at the South Francilien Hospital Center in Corbeil-Essonnes, affected by a #cyberattack.

It is an unspeakable act, its authors will be prosecuted.

Full support for the teams mobilized for the safety & continuity of patient care.

— François Braun (@FrcsBraun) August 22, 2022

Investigation for intrusion and attempted extortion in an organized gang

The Paris prosecutor's office has announced the opening of an investigation for intrusion into the computer system and attempted extortion by an organized gang, supervised by its cybercrime section.

The investigations were entrusted to the gendarmes of the Center for the Fight against Digital Crime (C3N), added the prosecution.

The National Authority for the Security and Defense of Information Systems (Anssi) was "quickly seized by the crisis unit", he added.

According to a close source contacted by AFP, "a family of ransomware has been identified".

This cyberattack once again targets a hospital, a sector that has been hacked for two years via ransomware.

In 2021, Anssi recorded an average of one incident per week in a health establishment.

But French public hospitals cannot pay a ransom because of their status and attacks against them are thus wasted because cybercriminals will not get any compensation, regardless of the damage caused.

>> READ ALSO -

 "Cyberattacks against hospitals have jumped 500% since the arrival of Covid"

25 million euros for hospital cybersecurity

Experts say cybercriminals either act blindly, randomly targeting any computer system they manage to break into, or because they are inspired by examples of attacks on US hospitals, institutions often deprived of the budget allowing them to pay ransoms.

To fight against this growing phenomenon, the State devoted in the wake of the Covid-19 epidemic an envelope of 25 million euros to the cybersecurity of health establishments.

At the same time, 135 hospitals have been designated "essential service operators", which requires them to comply with more stringent cybersecurity rules than ordinary institutions.