On Saturday night, a new French health facility fell victim to a cyber attack. It is the hospital center of Versailles (Yvelines), with its 700 beds and its 3,000 employees, the objective, which forced the management to cut the entire computer system of the various sites. As a consequence, several transfers of patients and a reduction in reception capacity.
This new attack shows the growing interest French hospitals have in hackers. In August, it was the South Ile-de-France Hospital Center, located in Corbeil-Essonnes (Essonne), which was affected.
The consequences had been significant for the patients and had lasted for several weeks. In more general terms, in 2021, 582 health establishments were victims of a cyberattack, that is, one in six. A number that has doubled in the space of a year.
Lack of training in digital security
“The hospital has been a sector in financial difficulties for several years, in all its aspects, including the digital one,” explains Gérome Billois, Wavestone’s cybersecurity expert.
Before we continue: “We have seen underinvestment in cybersecurity for years, and hospitals can be easy targets.”
Hackers often take advantage of hospital staff’s lack of digital security training to infiltrate computer systems, using the phishing technique. Due to the complexity of their operation and the large amount of information they process every day, hospitals are a priority target.
“There are efforts to be made, hospitals are extremely complex organisms, which must be prepared,” said François de Mazières, mayor (DVD) of Versailles.
All it takes is for a doctor or caregiver to inadvertently open a malicious email for hackers to gain control of a computer by encrypting the data stored on it. Since all computers are networked, it is possible for hackers to extend their control over all devices on a site.
“The front door is email. A hoax email that employees may have received, for example. In what we’ve analyzed, this is often the number one cause of hacking,” continues Gérome Billois.
A “very profitable” business model
However, the motivations of these healthcare hackers remain unclear. In Corbeil-Essonnes as in Versailles, caretakers were held to ransom so they could find their computer data. But the French government has repeatedly indicated that France does not pay money to hacker groups.
“These cybercriminals are sometimes very far from France. They don’t know we don’t pay ransoms. However, in other countries it is different. In the United States, where health facilities are run by private groups, there have been a lot of ransom payments. Seen from afar, a hospital is still a hospital, we try”, judges Gérôme Billois, who also recalls that cyberattacks “are a very profitable economic model”.
For Richard Delepierre, co-chairman of the supervisory board of the Versailles hospital, “rescue is not the issue. Those who attack us want to show that they can attack us in the most sensitive places.”
an endemic phenomenon
Furthermore, cyberattacks carried out on French soil are far from being limited to hospitals. All industries combined, one in two companies was hacked in 2021, but only half filed a complaint.
In seven out of ten cases, it was an email hacking technique and in one out of five cases a ransom was demanded.
An endemic phenomenon, which led the government to react. On November 16, the Delegate Minister for the Digital Transition, Jean-Noël Barrot, presented a “cybernetic shield” for companies and communities that do not have the means to protect themselves, endowed with 30 million euros.
But years of underinvestment in IT security in French hospitals will not be resolved in a few weeks. Your security and staff training will take several years, Judge Gérome Billois, and this while the field of computer security is short on weapons.
For Frédéric Adnet, medical director of the Samu de Seine-Saint-Denis and head of the emergency department of the Avicenne hospital, France is actually paying today for its excessive frankness in this regard.
“The hospital was perhaps considered untouchable, sacred. Thinking about our defense computer systems has been underestimated,” he said.
The health professional foresees the worst if hackers penetrate the systems of hospitals in Paris. “We were completely wrong. We have to review our computer systems. We will have to think. Our hospitals are on the network. In the AP-HP, there are 30 hospitals on the network, it would be a real disaster.”
Source: BFM TV
