Even on, most computer screens are black at the Dax hospital center (Landes).
On some of them, an alert message is displayed: a major computer attack is underway, this Tuesday, February 9.
"The phones no longer worked, we had to go back to pen and paper at first," admits the hospital's communications department.
“The entire computer system was paralyzed, the personal data of patients blocked, administrative data too.
Less than a week later, another hospital group meets the same fate.
The Villefranche-sur-Saône, Tarare and Trévoux sites of the North West Hospital are infected.
These "ransomware" cyber attacks, a type of malicious software that blocks access to a computer until the victim sends a sum of money, are on the rise.
“Since the Covid-19 epidemic, we have never seen so many,” observes Rémy February, lecturer at the National Conservatory of Arts and Crafts (Cnam) and former senior officer of the national gendarmerie.
In 2020, the National Information Systems Security Agency (Anssi) noted a 225% increase in ransomware attacks and hospitals and other entities in the sector represent one of the prime targets.
In January 2021 alone, five security incidents caused by ransomware targeted health facilities, says the Directorate General of Health (DGS).
Are hospitals easy targets for unethical hackers?
The motivation for these attacks "seems pecuniary", "a logic of opportunity", according to Rémy February.
Do the criminals believe that "the hospital services are disorganized because of the Covid and therefore easier to trap"?
asks Arnold Zephir, designer of artificial intelligence and data scientist at Prevision.io.
Or, that they are "too taken by the throat to refuse to pay?"
In addition, "many have obsolete computer systems," admits the developer.
IT hygiene
Several dozen software programs computerize a hospital, from the patient's administrative file, which dialogues with the automatic blood analysis machine, but also with the software that manages the laboratory, or radiology.
Now the
industrial information systems, which make it possible in particular to manage PLCs, "are less protected than the others, because they are designed not to be connected", notes Rémy February from Cnam.
This interconnection goes beyond the hospital grounds.
"The data related to Covid tests and vaccination join national databases", recalls Cyrille Politi, digital expert for the Federation of hospitals of France (FFH).
Increasingly centralized health records are more susceptible to attacks.
“You only have to enter a server to gain access to thousands of data,” explains Arnold Zephir.
The interconnection then makes the malicious operation “more interesting, juicier, since the impact is greater”.
The hospital, like any structure, protects itself against cyberattacks in two ways: people and technology.
For the first, it is a question of making personnel aware of “computer hygiene”.
"It's like the famous barrier gestures against the Covid," compares Cyrille Politi.
We repeat a guide of good practices to employees: change passwords regularly, do not plug in USB keys, do not click on a questionable attachment in an email that would lead to a virus.
“Security via technology involves updating software, setting up firewalls and antiviruses.
"They have built drawbridges"
What to do when hackers manage to infect the system?
“When we were attacked, the IT department immediately asked us to turn off all workstations,” tells us the communications department of Dax hospital.
Then they built drawbridges
to prevent the virus from spreading further.
"
In the Rhône as in the Landes, the directors of information systems (DSI) called on private service providers certified by Anssi then, faced with the extent of the damage, directly to the State services.
Morning essentials newsletter
A tour of the news to start the day
Subscribe to the newsletterAll newsletters
Even if she refutes the term, Anssi plays the role of a firefighter to be called in an emergency.
It ensures cybersecurity for all operators of vital importance (OIV), private and public, including 3,000 health establishments which can contact it as a last resort.
During the first large-scale attack on a hospital in November 2019, 25 of its specialists were dispatched to the Rouen University Hospital over the weekend to contain the spread of the virus and the encryption of data and then gradually restart the system after have created a “trusted core network” impervious to a new attack.
Its managing director, Guillaume Poupard, had learned a lesson from this sad echo today and prophesied in January 2020: "The attackers have no ethics so they would be able to attack hospitals at the time of a crisis when we need them to make sure we get a ransom ”.
At the Dax hospital center, the infection is well stopped, but the virus is still present in the system.
“We work with our personal computers thanks to connection sharing.
We cannot connect to the network, nor to wi-fi, ”explains a hospital employee.
The staff works in "degraded mode": "the care continues, but everything is longer".
When a single click on a computer was enough to send the results of an exam to a department, now you have to ask someone to come.
“We had to reorganize.
We really didn't need that, in the middle of Covid… ”she sighs.
But, according to our information, the situation could quickly evolve in the right direction, in Dax as in Villefranche.
These establishments had judiciously created and protected backups of their data which give "good hope" in their ability to relaunch care.
"A barrier has fallen"
Some criminals had yet promised, a year ago, a truce from attacks on health establishments.
Not all of them resisted.
“Before, when the world was in a crisis, hackers said they wouldn't attack.
A sort of
gentlemen's agreement
.
There, there is a paradigm shift ”, judge Rémy February.
“A psychological barrier has fallen, abounds Cyrille Politi of the FFH.
It has of course already happened that hospitals are infected, but especially at the chance of a infected USB key, for example.
Today, we are on something different.
The hackers were there upstream, they came back, observed, installed software… They inevitably knew they were attacking a hospital.
"
For the FFH, "the risk has changed in nature" and "the response must evolve accordingly".
The Federation thus asks that “the hospital be considered as a strategic sector of the State”, “in the same way as defense or research”.
"We must pool the expertise of all sensitive establishments in the State, have a very reactive strike force, ensure that at least one hospital per department never falls," said Cyrille Politi.
“If there is a university hospital that falls, we know how to treat, but if there are 10, it's a tragedy.
Rouen University Hospital sent patients to other hospitals in the region, ”underlined Guillaume Poupard de l'Anssi before the onset of the health crisis.
Rémy February calls for his side "to properly train and educate all employees of a company or establishment".
“The main danger is humans,” he repeats.
Chance of the calendar or not, Emmanuel Macron must announce this Thursday noon, after an exchange with the staff of the hospitals targeted by the attacks, the mobilization of a billion euros to strengthen the national cybersecurity strategy.
With in particular on the doctor's prescription, new credits to accelerate diagnoses of deficiencies in health establishments and raise in the law their minimum level of cybersecurity in order to harden these targets until now "soft" for hackers.