What we know about the cyberattack against Versailles hospital

• Saturday evening, a cyberattack targeted the hospital center of Versailles, in the Yvelines.

  This center includes the André-Mignot hospital, in Chesnay-Rocquencourt, as well as the DEspagne retirement home and the Richaud hospital in Versailles.

• This hacking led to a "total reorganization of the hospital", according to the Minister of Health, François Braun.

  Six patients at risk were transferred.

• A previous attack had already hit the South Francilien Hospital Center (CHSF) in Corbeil-Essonnes at the end of August.

After the South Francilien Hospital Center (CHSF) in Corbeil-Essonnes at the end of August, it is the turn of that of Versailles (Yvelines) to be the target of a cyberattack.

The hacking attempt, which took place on Saturday evening, seriously disrupted its operation and led to a "total reorganization of the hospital", according to the Minister of Health, François Braun.

What happened ?

What are the consequences ?

What data are targeted by hackers?

takes stock of this cyberattack.

What happened ?

Saturday evening, around 9 p.m., some computer screens in the hospital center went black, displaying a simple message: “All your important files have been stolen and encrypted.

Follow our instructions”, according to the information reported by our colleagues from Franceinfo.

In the process, the attack was claimed by a group of hackers, but no ransom demand has been made for the moment, added our colleagues.

The software identified as the source of the attack belongs to a family of viruses known to cybergendarmes, according to a source familiar with the matter.

The hacking attempt affected the André-Mignot hospital, located in Chesnay-Rocquencourt, which includes consultations and all short-stay and outpatient hospital services, with nearly 700 beds and 3,000 staff members.

The establishment is also the administrative, technical and logistical headquarters of the Versailles hospital centre.

The DEspagne retirement home and the Richaud hospital, which are also part of the hospital center, were also affected, hospital management said.

The attack “is not yet circumscribed”, explained François Braun, Sunday evening, after having visited the establishment.

A crisis unit, in connection with the ARS (Regional Health Agency) of Ile-de-France, was opened on Sunday at the hospital center of Versailles-Le Chesnay.

The management of the establishment is also in contact with Anssi, the National Agency for the Security of Information Systems, to manage this crisis.

What are the consequences ?

A few minutes after the cyberattack, the entire computer system of the hospital center was shut down as a precautionary measure.

The establishment, which “put itself in data protection mode”, according to the minister, triggered its white plan and deprogrammed part of the operations, said the Regional Health Agency.

“Everything was done” to maintain outpatient care and consultations, she added.

Staff have also been mobilized in the intensive care units, whose patients require increased monitoring, and equipment has been brought in as reinforcements.

The "care machines" work but not their "networking", "so more people are needed to monitor patients in the intensive care unit, one person is needed in front of each room to monitor the screens", detailed the Minister of Health, describing a "total reorganization of the hospital".

"It's a hassle, we have to redo everything on paper by hand since this morning and the doctors have to do all their drug prescriptions manually too," explained three caregivers to AFP.

The Samu "is not reached" and "has put itself in working order to react" in the event of transfers, continued François Braun.

As a safety measure, six "heavy" patients - three hospitalized in intensive care and three newborns in the neonatology department - were transferred.

Others could be transferred, the minister said.

As emergency services are strongly impacted, residents of the region are advised not to go there and to call 15 if necessary, said Minister Delegate for Digital Transition, Jean-Noël Barrot.

Why are hospitals regularly targeted by cyberattacks?

Cyberattacks against health establishments have multiplied in recent years in France.

These groups of hackers exploit, through ransomware or "ransomware", the security flaws in their computer systems to encrypt and block them, before demanding a ransom to unblock them.

In 2020, in the midst of the coronavirus crisis, 27 hospital cyberattacks were counted.

In March, it was the Assistance Publique-Hôpitaux de Paris (AP-HP), which manages 39 public hospitals, which was targeted.

The hackers had generated a large amount of concurrent connections to overload the servers.

In February 2021, a file containing the sensitive medical data of nearly 500,000 people in France, which would come from around thirty medical biology laboratories, had circulated on the Internet.

The latest, on August 22, was a cyberattack that targeted the South Francilien Hospital Center (CHSF) in Corbeil-Essonnes.

This large-scale hack disrupted the operation of the establishment for several weeks, before returning to close to normal in mid-October.

Initially, the hackers demanded a ransom of 10 million dollars, before reducing it to one or two million dollars, to be paid before September 23.

The latter carried out their threat by broadcasting confidential data concerning the patients, staff and partners of the establishment on the “dark web”.

If these cyberattacks have become "daily", "the vast majority are stopped" in time, wanted to reassure the Minister of Health.

How will the investigations go?

A complaint was filed by the hospital on Sunday evening.

At the same time, a preliminary investigation was opened by the Paris public prosecutor's office, competent in the matter, for attempted extortion, access and maintenance in a digital system implemented by the State, introduction of data and obstruction of this system, all in an organized gang.

The investigations were entrusted to the Gendarmerie's Center for the Fight against Digital Crime (C3N), which will lead the investigation, and to the Sub-Directorate for the Fight against Cybercrime (SDLC) of the Judicial Police.

By the Web

Cyberattack on a hospital in Corbeil-Essonnes: Why is our health data so coveted?

Company

"Only eyes to cry..." Companies often helpless in the face of cyberattacks

• By the Web

• cyberattack

• Hospital

• Versailles

• Ile-de-France

• hacker

• Personal data