These data “seem to concern [the] users, [the] personal as well as [the] partners” of the hospital, said it. The South Ile-de-France hospital center of Corbeil-Essonnes had been the victim of a cyber attack more than a month ago.
Faced with the non-payment of the ransom requested, the group of hackers who orchestrated a cyber attack against the South-Francilian hospital center of Corbeil-Essonnes (CHSF) began on Friday to disseminate data, we learned Sunday September 25. These data “seem to concern [the] users, [the] staff as well as [the] partners” of the hospital, said the CHSF on Sunday in a press release.
In what has been disseminated are potentially “certain administrative data”, including the social security number, and “certain health data such as examination reports and in particular external files of anatomocytopathology, radiology , analysis laboratories, doctors “, detailed the establishment.
“The CHSF business databases, including personalized patients (DPI) and files relating to human resources management, have not been compromised,” added the establishment. “The attack seems to have been circumscribed to the virtual servers and only to a part of the storage space of the CHSF (about 10 %)”, according to the press release.
a rancid of two million dollars
The hackers had left the hospital until September 23 (Friday) to pay the ransom. According to the Zataz specialized site, Lockbit 3.0 hackers have broadcast more than 11 GB of sensitive content. “This is a double extortion, consisting in exfiltrating part of the stolen data to put pressure on the victims. It is a classic,” said a cyberspace specialist at the France-Presse agency (AFP) .
The hospital, located south of Paris, which ensures the health coverage of nearly 700,000 inhabitants of the Grande Couronne, had been the victim of a cyber attack on August 21, with a ransom of 10 million Dollars. It was then reduced to a million dollars, according to several concordant sources.
According to Zataz, the pirates are now demanding at the hospital “$ 2 million (1 million to destroy stolen data and one million to make access to information via their dedicated software). The cyber attack launched in August affected business software, storage systems or the information system relating to the admissions of the establishment of the establishment, making them inaccessible.
“white plan” for Ensure continuity of care
The hospital filed a complaint and seized the National Commission for Data Protection (CNIL). The survey, opened by the Paris prosecutor’s office and entrusted to the gendarmes of the Center for the Fight against Digital Criminalities (C3N), is in progress.