Europe 1 with AFP / Photo credit: ANNETTE RIEDL / DPA / DPA PICTURE-ALLIANCE VIA AFP 6:19 p.m., February 28, 2024

According to the management of the Armentières hospital, victim of a cyberattack on February 11, the stolen files concern “around 300,000 patients”.

This data, “made accessible” since Sunday by the hackers, is “essentially lists, containing the contact details, the date of arrival and the care sector of the patients concerned”.

The files stolen during the cyberattack which targeted the Armentières hospital center (North) on February 11 concern "around 300,000 patients", hospital management told AFP on Wednesday.

This data, "made accessible" since Sunday by the hackers, is "essentially lists, containing the contact details, the date of arrival and the care sector of the patients concerned", indicated the establishment in a press release.

“To date, no computerized patient file appears in the disclosed elements,” he added.

“A residual number of files must still be downloaded in order to be analyzed,” specifies the hospital center.

Blackout, a new hacker group

The establishment had to temporarily close its emergency rooms following this cyberattack.

This was confirmed "by the printing of several ransomware messages on the establishment's printers", the hospital center indicated on the day of the attack.

The first elements directed the investigation towards LockBit, a hacker group presented as "the most harmful" in the world and whose dismantling was announced last week by the authorities of several countries.


 Hacked health data: how to know if you are one of the 33 million French people affected

The Lille public prosecutor's office relinquished the case in favor of the Paris public prosecutor's office, which included it in the "LockBit" file of the section specializing in the fight against cybercrime.

The links between this leak and Lockbit remain “yet to be demonstrated”, however, says a source close to the matter.

According to two cybersecurity experts contacted by AFP, Damien Bancal and Clément Domingo, it is in reality a new group, called Blackout, which is at the origin of the attack, claimed on its blog which appeared a few days ago on the dark web.

For this attack, Blackout “used the same tools as Lockbit”, which leaked a few months ago, according to Clément Domingo.

The National Commission for Information Technology and Liberties (Cnil) told AFP that it had opened an investigation after “a notification of a data breach”.

Several French hospitals have been the target of cyberattacks in recent years, such as the Brest hospital in March 2023, the Versailles hospital in December 2022 or the Sud Francilien Hospital Center (CHSF) in Corbeil-Essonnes at the end of August 2022. In France, public establishments never pay ransoms because the law prohibits them from doing so.