A large-scale cyberattack has hit the hospital in Oloron-Sainte-Marie (Pyrénées-Atlantiques) since Monday, severely disrupting its computer system, the third in a hospital in a month, an AFP correspondent learned on Tuesday, March 9. to management.
Hospitals, easy targets in the face of cyber attacks
This hospital, which employs some 600 people for 321 beds and places in this sub-prefecture, was hit by an attack of “Ransomware” (ransomware) by which hackers break into the computer system and then encrypt its files to make them inoperative, demanding a ransom to unlock them. On the screens of the Oloron hospital, messages in English appeared demanding a ransom of $ 50,000 in bitcoins (crypto currency).
Since it was spotted Monday by an engineer in charge of the establishment’s IT infrastructure, agents have been working in degraded mode, in other words with paper and pencil.
The cyber attack affects most of the data related to patient health information, which could lead to postponements of some interventions, failing a rapid return to normal, the management explained. It also complicates the – computerized – management of drug stocks, but without calling into question the anticovid vaccination campaign at this stage.
Uncertainty about return to normal
This is the third cyberattack recorded in a month in a hospital environment after those which paralyzed the hospital center of Dax (Landes) and that of Villefranche-sur-Saône (Rhône), on February 8 and 15, and at the following which President Emmanuel Macron announced a response of one billion euros to strengthen the cybersecurity of sensitive systems.
A complaint was lodged with the gendarmerie, and the cybercrime unit of the Pau gendarmerie went there, alongside agents from Anssi (national information systems security agency), cybersecurity gendarme on the territory.
“We have disconnected all the workstations to limit losses”, explained the director of the hospital Frédéric Lecenne to the local newspaper La République des Pyrénées. “We can recover our networks in 48 hours, as in three months”, he added.
Healthcare establishments, which manage sensitive data, have become privileged targets of the computer threat since the health crisis, “The attack probably making it easier for hospitals to pay the ransom given the critical need for business continuity”, according to an Anssi report.