A ransomware attack on a hospital near Paris is continuing to have a severe impact on all departments' IT systems and web access, particularly imaging. The incident highlights the vulnerability of radiology services to cybercrime and the need for more rigorous cybersecurity measures.
The Centre Hospitalier Sud Francilien (CHSF), a 1,000-bed hospital located in Corbeil-Essonnes, 28 km southeast of the center of Paris, suffered a cyberattack on Sunday 21 August. It resulted in the medical center referring patients to other establishments, postponing appointments for surgeries, and nurses filing data by hand.
According to a report in the French national newspaper, Le Monde, the attackers are demanding a $10 million ransom (9.8 million euros) to release a decryption key to free up the hospital's systems.
The French authorities are not certain who the culprits of the attack are, but they suspect LockBit 3.5 ransomware is being used. LockBit as an organisation states that attacks on hospitals are not allowed with its ransomware, so if that is the case the attackers might find themselves in trouble from both ends of the law, Le Monde stated.
Targeting a hospital for what looks like just the demand for money is just the lowest move, even for ransomware attackers, the article noted.
The return of CDs
The entire hospital IT infrastructure, including operating programs, remains frozen, archives are inaccessible, and email is unusable, a radiologist at the hospital who wished to remain anonymous told AuntMinnieEurope.com. In radiology, this means that RIS and PACS are unavailable. Images interpreted on screens cannot be stocked, so CT and MRI are being copied onto CD Rom, she said. The hospital still can't receive vulnerable patients and has diverted high-risk imaging and surgical patients to other centers.
Since the attack, radiology reports generally have been written by hand, while some radiologists have once again taken up use of dictaphones and cassettes if their secretaries have computers that are not connected to the network, the source explained. These dictated reports are then typed up and printed.
Cyberattacks targeting hospitals in France are on the increase, with 380 last year, a 70% increase from 2020. The police inquiry by a special cybercrime unit into this latest attack is ongoing.