French Hospitals Cut Internet Connection After Data Raid

A French hospital group has been forced to cut internet connectivity in two locations after hackers stole data in an attempted extortion campaign.

GHT Cœur Grand Est revealed the news in an update yesterday, claiming the attack struck last Tuesday and succeeded in infiltrating the networks of its Vitry-le-François and Saint-Dizier hospitals.

“The GHT Cœur Grand Est has cut all incoming and outgoing internet connections from its establishments in order to protect and secure information systems and data,” it said.

“This computer containment will continue until the risk of a new attack exploiting the flaw created is completely circumscribed.”

According to the statement, the stolen information is “essentially administrative computer data.” However, local reports claim that files from Vitry-le-François hospital posted to a dark web site by the attackers include social security details, banking information and patient letters.

In fact, the group itself is warning “users and partners” of potential follow-on phishing and vishing attacks in the coming days and weeks.

The healthcare organization does not intend to pay a reported $1.3m ransom demand.

It claimed in the notice that internal IT systems, including electronic patient records have not been affected and that patients continue to receive a high-quality level of care.

However, it also admitted that some services are now unavailable, such as booking appointments online.

Reports also suggest that the incident will take weeks or months to remediate fully. Data flows to and from the hospitals, such as lab results, are being managed via pen and paper, GHT director Jérôme Goeminne is quoted as saying.

Payroll and other support functions are also thought to have been affected.

French hospitals were a popular target for ransomware actors during the course of the pandemic.

In February 2021, for example, three hospitals in the Lyon region were compromised by online extortionists.

Next Post

Emotet malware now installs via PowerShell in Windows shortcut files

Thu Apr 28 , 2022
The Emotet botnet is now using Windows shortcut files (.LNK) containing PowerShell commands to infect victims computers, moving away from Microsoft Office macros that are now disabled by default. The use of .LNK files is not new, as the Emotet gang previously used them in a combination with Visual Basic […]
Emotet malware now installs via PowerShell in Windows shortcut files

You May Like