In less than a week, two French hospitals were stricken with ransomware attacks, and a third pre-emptively cut connections with an IT provider, prompting the transfer of some patients to other facilities, reports FRANCE 24.
The Villefranche-sur-Saône hospital complex in France’s eastern Rhone département (administrative area) announced Monday that a cyber attack had been detected at 4:30am local time.
The attack by the crypto-virus RYUK, a type of ransomware, "strongly impacts" the Villefranche, Tarare and Trévoux sites of the North-West Hospital, the hospital said in a statement.
Ransomware is software that blocks data on a computer system that is then made accessible after a ransom pa
Each hospital site’s team immediately set up limited procedures to ensure the exchange of information necessary for patient care, as well as a crisis unit to organise the operation of all three sites.
There are no scheduled transfers for patients in intensive care at Villefranche, nor for infants in the neonatal department, and Covid-19 vaccinations are continuing.
However, Tuesday’s slate of surgeries were postponed, and two sites are coordinating with the regional health agency to refer emergency patients to other facilities.
France’s National Agency for the Security of Information Systems (ANSSI) is helping to investigate the attack. The North-West Hospital’s statement came on the same day that ANSSI said it had discovered a hack of several organisations that bore the hallmarks of a group linked to Russian intelligence.
"This campaign mostly affected information technology providers, especially web hosting providers," ANSSI said in a report.
Monday’s attack in Villefranche follows similar ones on hospitals in Paris, Rouen, Montpellier, Issoudun, Albertville Moutiers, Toulon, and Narbonne during the past year – and just four days after the Dax hospital in the south-west Landes département reported a ransomware attack that took place on February 9th.
The Dax hospital’s IT team was still in the “diagnostic stage” of responding to the attack, a staff member in the hospital’s communications office said Tuesday to FRANCE 24. “It’s advancing,” she said.
France’s health ministry had confirmed to AFP that last week’s attack “paralysed […] almost all information systems” at the hospital.
The attack had interrupted radiotherapy due to inoperable computers, said Benjamin Blanc, president of the hospital’s medical commission, at a press conference on February 11th. Radiology, the laboratory and the pharmacy were operating at reduced levels but “without any consequences for patients”, while Covid-19 patient care and virus vaccinations were ongoing, Blanc said.
The Dax cyber attack also affected automated washing cycles and room catering.
Benôit Elleboode, director general of the regional health agency, called the attack an act of “despicable barbarity” at the press conference.
“No ransom will be paid since it doesn’t guarantee recovery of the codes to recover the data,” Elleboode said. “It would only tempt the pirates to target other hospitals.”