The South Francilien Hospital Center (CHSF) in Corbeil-Essonnes, still under the influence of a cyberattack orchestrated on August 21 against its computer system, regretted on Tuesday September 13 "
the exfiltration of personal data
" including "
data from health
”.
"
In an act of claim and ultimatum, samples of stolen data were published on the attackers
' site," the establishment announced in a statement sent to AFP.
To discover
OUR FILE - Elizabeth II, a rock and a symbol for England
The hospital, however, claimed not to have, at this stage, "
knowledge of any malicious use
" of this stolen data, with which the hackers are trying to blackmail them.
This hospital located south of Paris, which provides health coverage for nearly 700,000 inhabitants of the outer suburbs, was the victim of a cyberattack on August 21 with a ransom demand of 10 million dollars.
Read alsoAfter the hack, the Corbeil-Essonnes hospital fears a slow recovery
Its business software, its storage systems or even the information system relating to patient admissions, had been made inaccessible.
The hospital then lodged a complaint and seized the National Commission for Computing and Liberties (CNIL).
The investigation, opened by the Paris prosecutor's office and entrusted to the gendarmes of the Center for the Fight against Digital Crime (C3N), is underway.
The National Authority for Security and Defense of Information Systems (Anssi) is also seized.
"White map"
But “
despite these measures and this reactivity, the hackers nevertheless managed to exfiltrate personal data, including health data
”, lamented the hospital on Tuesday in its press release.
“
At this stage, apart from the samples, we do not know the exact nature of the data concerned, nor the identity of all the people affected
”, he specified, referring to an “
identification work
” in progress and ensuring its "
most total investment
".
Once identified, these individuals will be notified, receiving “
individual data breach notifications
”.
After the attack, the hospital, whose emergency room usually receives 230 people a day, launched an emergency plan called a "
white plan
" to ensure continuity of care.
It has been operating at half speed, but last Friday showed signs of progress.
Thus, teams are working on securing the information system.
“
Access to emails
” and “
filtered access to the Internet
” must soon be provided, the hospital explained to the hospital on Friday.
A wave of cyberattacks has been targeting the French and European hospital sector for about two years.
In 2021, Anssi recorded an average of one incident per week in a health establishment in France.
