Some 300,000 patients are affected by the theft of computer data which occurred during a cyberattack on February 11 against the Armentières hospital (North), some of which, potentially sensitive, were distributed on Sunday by the hackers.
These data are
“essentially lists, containing the contact details”
of the patients concerned, but also
“the date of arrival and the sector of care”
, indicated the establishment on Wednesday in a press release.
“To date, no computerized patient file appears in the disclosed elements
,” he added, specifying that
“a residual number”
of these files had
“still to be downloaded in order to be analysis"
.
The attack, which occurred on the night of February 10 to 11, was confirmed
"by the printing of several ransomware messages on the establishment's printers"
, the hospital center indicated the same day.
The establishment had to temporarily close its emergency rooms following this cyberattack.
Read alsoLockBit, the “most harmful” hacker group in the world, hit hard by an international police operation
"Blackmail"
The first elements directed the investigation towards LockBit, a hacker group presented as
“the most harmful”
in the world and whose dismantling was announced last week by the authorities of several countries.
The Paris public prosecutor's office, in charge of the case after the relinquishment of the Lille public prosecutor's office, has also included it in the
"LockBit"
file of the section specializing in the fight against cybercrime.
But the link between this leak and LockBit remains
“still to be demonstrated”
, clarified a source close to the matter.
According to two cybersecurity experts, Damien Bancal and Clément Domingo, it is a new group, called Blackout, which is at the origin of the attack, claimed on its blog which appeared a few days ago on the dark web.
For this attack, Blackout
“used the same tools as LockBit”
, which leaked a few months ago, says Clément Domingo.
“But above all they have the same system of blackmail
,” says Damien Bancal.
Clément Domingo now fears that
"other small strikes or other malicious actors will recover this data and compile it in .csv or Excel files (much more accessible to the general public, editor's note) and resell or distribute them through other channels”
.
For Damien Bancal, Blackout can seek with this first gain in scale to create
“a hunting board”
.
Read alsoSecurity number, mutual: more than 33 million French people affected by data theft from third-party payment managers
Apologies
The National Commission for Information Technology and Liberties (Cnil) indicated that it had opened an investigation after
“a notification of a data breach”
.
The services of the National Information Systems Security Agency (ANSSI) and CERT Santé, which helps health establishments faced with an IT security incident, are also informed of developments in the situation, according to the 'hospital.
A legal complaint was filed
"in order to initiate investigations to find the perpetrators of this particularly reprehensible attack"
, announced the establishment, which apologized
"to all those concerned, patients and professionals alike"
.
Several French hospitals have been the target of cyberattacks in recent years, such as the Brest hospital in March 2023, the Versailles hospital in December 2022 or the Sud Francilien Hospital Center (CHSF) in Corbeil-Essonnes at the end of August 2022. In France, public establishments never pay ransoms because the law prohibits them from doing so.