Corbeil-Essonnes hospital refuses to pay ransom, hackers start spreading data

A group of hackers faced with non-payment of the demanded ransom Cyber ​​attack against the Sud-Francilien Hospital Center in Corbeil-Essonnes (CHSF) began disseminating the data on Friday and we learned on Sunday, September 25. That data “Looks worried [les] users, [le] Employees as well [les] Partners » from the hospital, CHSF said in a statement on Sunday.

In broadcasting, there is potential “Some Administrative Data”including social security number, and “Certain health data such as examination reports and especially external records such as anatomy, radiology, analytical laboratories, physicians”He described the establishment.

“CHSF’s business databases, including personalized patient files (DPI) and files related to human resource management, were not compromised”Added establishment. “The attack appears to be limited to virtual servers and only a portion of CHSF storage (about 10%)”A press release said.

The ransom was reduced to two million dollars

The hackers left the hospital until September 23 (Friday) to pay the ransom. According to findings the world, a mere 11 GB folder has been uploaded on the official website of Lockbit Group. However, the content could not be recognized immediately. “It’s double extortion, which extorts part of the stolen data to put pressure on the victims. It’s a classic.”A cyberspace expert explained to Agence France-Presse (AFP).

The hospital, located south of Paris and providing health care to nearly 700,000 people living in the suburbs, fell victim to a cyber attack on August 21 with a ransom demand of $10 million. According to several compatible sources, it would have been reduced to a million dollars.

The cybercriminal group is now asking for a million dollars to remove data from its site. The cyber attack, which began in August, affected business software, storage systems and the facility’s patient enrollment information system, rendering them inaccessible.

“White Plan” to ensure continuity of care

The hospital filed a complaint and took over the National Commission for Computing and Freedom (CNIL). An investigation opened by the Paris prosecutor’s office and entrusted to the gendarmes of the Center for the Fight Against Digital Crime (C3N) is ongoing.

The National Commission for Security and Safety of Information Systems (ANSSI) was also taken over. “Despite these measures and this reactivity, hackers managed to exfiltrate personal data, including health data”The hospital lamented in a statement in mid-September.

After the attack, the hospital had an emergency department that treated 230 people a day Instigated an emergency plan said “The White Map” To ensure continuity of care. A wave of cyber attacks has been targeting the French and European hospital sector for nearly two years. In 2021, Annecy recorded an average of one incident per week at a health institution in France.