Cyberattack on a hospital in Essonne: five questions about leaked health data – franceinfo

The threat was carried out. The hackers who blocked the computer network of the Corbeil-Essonnes hospital (Essonne) in August posted stolen health data online on Sunday, September 25. The southern Ile-de-France hospital center (CHSF), which provides health coverage for nearly 700,000 inhabitants, confirmed the publication of information which “seems to concern our users, our staff and our partners”. Franceinfo returns to this massive piracy and the fears it arouses. 1What happened? In August, at the time of the cyberattack, the hackers had demanded a ransom of 10 million euros from the hospital and set an ultimatum for September 23. This ransom was reduced to one or two million euros, according to the sources. The establishment did not pay the ransom. “The state’s position is clear on this with regard to hospitals. It is clearly not to pay the ransom”, summarizes Gérome Billois, cybersecurity expert for the firm Wavestone. It was the cybersecurity blog Zataz.com, which gave the alert, claiming that a “first broadcast has[vait] orchestrated as a compacted 11.7 gigabyte file”. According to information provided by the hospital on Sunday, the information disclosed by the hackers “seems to concern our users, our staff and our partners. Among them are “certain administrative data”, including the social security number, and “certain health data such as examination reports and in particular external files of anatomocytopathology, radiology, analysis laboratories, doctors”, continued the hospital center. , editor of the specialized site Zataz.com, who was able to consult the file, it contains documents as varied as medical examinations, applications for universal medical coverage (CMU), and an internment permit. automatically entered into a psychiatric service. “Only insiders can access the data.” Damien Bancal, editor of the specialized site Zataz.com at AFP “Over ten years, these are data which concern nearly 1.5 million people who have been patients in the hospital and then thousands of agents It’s considerable”, underlines on franceinfo the mayor of Corbeil-Essonnes, Bruno Piriou, member of the supervisory board of the CHSF. 3Who are responsible? Those who leaked this data are the perpetrators of the cyberattack, the Russian-speaking hacker group Lockbit 3.0. This group is active all over the world (United States, China, India, Indonesia, Ukraine, France, United Kingdom, Germany…). “We know them, because they communicate a lot, because they are easily reachable. We can converse with them. That’s what’s completely crazy. They have set up after-sales services. Now, knowing where they are … If they are in the depths of Russia, it will be very complicated”, assures franceinfo Damien Bancal. “They are capable of anything because they know there is money.” Damien Bancal, editor of the specialized site Zataz.com at franceinfo “We have pirates who are not even afraid to call their victims or even call the business partners of the victims they have infiltrated”, he says. According to him, out of 170 companies in the world hacked in recent days, 42 have already paid the ransom demanded by this group of hackers. 4What are the risks? Authorities now fear further targeted attacks. They invented “malicious marketing”, illustrates Damien Bancal. “They say to themselves: ‘We are blocking everything and we are going to pay for the unlocking’. Except that they have added malicious blades to their Swiss army knife”, he describes. Indeed, if the company does not pay for the unlocking of its systems, it may pay to prevent hackers from spreading the information. “And if ever the company does not pay this second demanded ransom, they will receive money, either by distributing it for free as a sample and therefore suddenly it will scare other companies, or outright, they will redistribute it to other companies. ‘other hacker colleagues and partners, whose main mission is to earn money,’ he continues. In its press release, the Corbeil-Essonnes hospital recalled the main security measures to be followed. In the event of receipt of an email, SMS, or telephone call requesting such or such action, it is necessary “to verify that the sender is indeed legitimate and in connection with the subject” and “never provide confidential information (banking, Passwords…)”. You have to “be vigilant if the tone of the message is urgent, that it pushes you to action, all the more so if you were not expecting this message”, also warned the hospital. It also recommends “checking the accounts associated” with a Social Security number and changing the passwords “if in doubt”. 5How did the authorities react? In the process, the Minister of Health, François Braun, condemned “the unspeakable disclosure of hacked data”. “We will not give in to these criminals. All state services are mobilized” alongside the hospital, he added. I condemn in the strongest terms the unspeakable disclosure of hacked data from @CHSF91. We will not give in to these criminals. All State services are mobilized alongside the South Francilien Hospital Center in Corbeil-Essonnes. — François Braun (@FrcsBraun) September 25, 2022 An investigation was opened by the Paris prosecutor’s office and entrusted to the gendarmes of the Center for the Fight against Digital Crime (C3N). Bruno Piriou, the mayor of Corbeil-Essonnes, called for solidarity and caution. He recalls that everyone “agreed, whether at the top of the state or local elected officials”, not to give in to blackmail. “It can be beyond us. We must all agree in our Republic, that this should set a precedent, he warns, if we start giving millions of euros to criminals so that they do not disclose not data, it’s an open door for it to happen again all the time.” The CHSF will also make itself “available” to the patients and agents concerned to “file a complaint against the criminals”, announced Bruno Piriou on franceinfo.