French hospital suffers cyber-attack

A hospital in France has been hit with a cyber-attack and been forced to move patients out of its facility.

The attack is understood to be the second case of its kind in the country this year.

The cyber hack was aimed at the André Mignot hospital in Versailles on Saturday 3 December, according to the Agence régionale de santé (ARS) Île-de-France, France’s regional health service, prompting it to shut down its network as a security measure.

It said that no other health facility had been impacted by this cyber-attack. The National Authority for Security of Information Systems (ANSSI), the agency in charge of the country’s computer security, is also carrying out an investigation into the incident.

André Mignot was forced to transfer some patients to other hospitals and is only accepting a limited number of new patients. 

The hospital has also enacted emergency measures including a ‘white plan’, where hospitals can reorganise internal spaces or transfer patients to other services, as well as pushing back the date for operations that are less urgent. It has also partially paused its operating theatre activities.

The attack on André Mignot follows a similar incident from August 2022 when the LockBit ransomware group was understood to have targetted  a hospital near Paris and demanded a ransom of $10 million.

The cyber-attack was confirmed to have occurred on 21 August by the Center Hospitalier Sud Francilien (CHSF) and was reported to have been forced to turn patients away too.

Commenting on the latest attack, C Oscar Miranda, Chief Technology Officer for Healthcare at Armis, said: “It is unfortunate that over the weekend a 700 bed French hospital in the historic commune of Versailles has fallen victim to a ransomware attack less than 4 months after South Francilien Hospital Center (CHSF) in Corbeil-Essonnes suffered the same missfortune in late August.”

“Many mistake ransomware attacks against healthcare providers as efforts to steal Protected Health Information (PHI) and other critical data; however, many launch these attacks purely to disrupt operations enough for organisations to pay to resume critical services. After all, it’s much more efficient and profitable for attackers to extort providers into paying a multi-million-dollar ransom to regain access to their operations than it is to exfiltrate and sell hundreds of thousands of individual health records on the black market.”

“With strained budgets, healthcare providers’ cybersecurity postures are being weakened in a trade-off that’s forcing them to make the tough decision to reallocate funds to areas believed to have the most direct impact on patient care. Yet, the unfortunate reality is that ransomware does impact patient care as well. This disconnect is what’s widening security gaps and worsening the issue across the board.”