Since the start of the Covid-19 crisis, computer attacks have multiplied against French hospitals.
The criminals take control of the servers and block access to them before demanding a ransom.
Cybersecurity players are getting organized to face this new threat.
DECRYPTION
Panic at Dax hospital: since Monday, the establishment has been paralyzed by a large-scale cyber attack.
Hackers have taken control of the servers and demand a ransom to restore access to the data.
Everything is running slowly, for example, staff cannot access e-mail or read digital patient records.
This is not an isolated case: cyber attacks against hospitals are increasing in France.
Europe 1 has investigated this new phenomenon against which cybersecurity players, public and private, are trying to organize.
>> Find Europe Matin in replay and podcast here
Why are hospitals increasingly targeted?
One figure illustrates this phenomenon well: + 500% in one year, worldwide, for cyberattacks targeting healthcare establishments, according to PwC.
France is not immune to this notable increase.
Like everywhere else, for a long time, hospitals were untouched by cybercriminals who instead targeted individuals and businesses.
The first big alert, in France, was the attack targeting the Rouen University Hospital in November 2019. But the tipping point is the start of the Covid crisis.
AP-HP was targeted during the first lockdown and since then cyber attacks have become more frequent.
INTERVIEW>
"Hospitals are targeted because they are in the spotlight of the news"
"Computer attacks, especially those against hospitals, is a question of opportunity. We are in a period of a global pandemic, hospitals are overloaded and that makes them easy targets for hackers", explains Thomas Roccia, researcher for cybersecurity specialist McAfee.
In fact, when the intensive care units are overloaded, carrying out regular computer updates is a bit of a worry for the staff.
"There is a psychological barrier that has fallen, as if there were no more limits for cybercriminals," said Cyrille Politi, digital advisor for the Hospital Federation of France.
Who are the hackers who attack hospitals?
These attacks are carried out by "teams of cybercriminals, very organized, methodical", specifies Orange Cyberdéfense, the cybersecurity division of the operator, European leader in the sector, contacted by Europe 1. "In some cases, these teams are directly linked to classic crime. In the case of Dax, the method is used has been known for years, it is known to be popular with groups in Eastern Europe. "
The goal is almost always the same: money.
"The amount of the ransoms is around tens or even hundreds of thousands of euros," according to Orange Cyberdéfense.
The most common method is "ransomware".
Through various means (attachment in an email, infected USB key, corrupted link, etc.), hackers create a gateway to a computer.
From there, they access the hospital server and encrypt all the data.
They are not deleted, just made inaccessible.
As if a burglar broke into your home while you were away, changed the lock on the front door and only agreed to give you the key in exchange for a ransom.
"Sometimes, they infiltrate in several hours, sometimes in several weeks to do even more damage", explains one at Orange Cyberdéfense.
What are the consequences of cyber attacks?
For the establishments concerned, the harmful effects are sometimes considerable: the inability to consult patient files, postponement of operations, or even in the most serious cases, transfer of patients to other establishments.
For the moment, in France, we see above all the less serious consequences.
"These are mainly blocked servers so inaccessible files", according to Cyrille Politi, of the Hospital Federation of France.
In this kind of case, it still takes one to two weeks to regain control of the servers and several weeks or even several months to rebuild the entire computer system.
The growing importance of connected health, with computers infiltrating into operating rooms, means that the risk will become exponential for the next few years.
“With 5G and connected objects, there will be more attacks,” says Philippe Trouchaud, head of cybersecurity activities at PwC France.
"We cannot go against this digitization, we must therefore learn to live with this new delinquency and be ever more rigorous in the maintenance of computer systems."
DECRYPTION>
Utility, competitiveness, health: three questions to understand 5G
Are hospitals armed to deal with attacks?
French hospitals are no more or less secure than those in neighboring countries.
The problem is rather due to the lack of human and financial resources allocated to IT security.
"It's a budget that is too often overlooked. You need full-time positions for maintenance. Buying hardware is one thing, but the main thing is to update it regularly. People forget it too much. often, "says one at Orange Cyberdéfense.
"Updates and strong passwords are the basis. 99.9% of attacks could be avoided with better 'IT hygiene'", insists Philippe Trouchaud of PwC.
The problem is that each hospital is organized in its own corner.
And not everyone keeps up with the hackers.
"We play cat and mouse. We get hacked, we find a solution to protect ourselves, then hackers find a new technology or a new flaw," sighs Cyrille Politi.
"We use so much software. We make the updates, but sometimes they have flaws that even the publisher does not know. Microsoft has sometimes discovered flaws in its software when they were used by hackers for months."
What is France doing to counter cyberattacks?
France is not lagging behind in cybersecurity, far from it.
The National Agency for the Security of Computer Systems (ANSSI) is considered a big name in Europe with hundreds of specialists in its ranks, including former hackers.
It intervenes in each serious cyber attack, mainly when the State is directly targeted, but also to help strategic companies.
A team was dispatched to Dax to accompany the hospital teams.
In some cases, Anssi also relies on private players, in particular Orange Cyberdéfense.
“With hospitals, part of the work is done upstream to strengthen defenses,” says the company.
"The tools deployed by France are among the most advanced in the world," said Philippe Trouchaud, head of cybersecurity activities at PwC France.
There remains the human factor, uncontrollable: an attachment opened inadvertently, access given to the wrong people, etc.
To avoid these errors, the firm provides training for managers of health establishments.
"We have to make all players aware of good cybersecurity practices, these are simple actions that can make a big difference."