After Corbeil-Essonnes in August, the Versailles hospital center at Chesnay-Rocquencourt has been the victim of massive computer hacking since Saturday evening. How do cybercriminals do it and why are hospitals ideal targets for them?
Ransomware attacks, in which a ransom is demanded in exchange for decrypting a computer system's data, have become the plague of the Internet for companies, whether small or gigantic. Since 2020, ransomware attacks have increased by 255% and represent the main threat identified on networks. For several years now, the health sector has been particularly targeted by this type of attack.
After an offensive of this type at the Sud-Francilien Hospital Center in Corbeil-Essonnes in August 2022, it is the turn of the Versailles hospital, located in Chesnay-Rocquencourt (Yvelines), to be targeted since Saturday evening by a cyberattack. The hospital continues to operate, but its activity is greatly slowed down on Monday. Again, it was a ransomware-type attack that hit the hospital center. IT tools and data have been made inaccessible, encrypted by the malicious payload. The cybercriminals demanded a ransom payment in exchange for a decryption key. We do not know the exact amount for the moment, but according to the Corbeil-Essonnes hospital, the hackers demanded 10 million euros, reduced to 2 million later. An amount that the government agency for computer systems (Anssi) advises never to pay.
How does the hacker get in?
This type of attack is mainly delivered by email, which is still the leading vector of cyberattacks in an organization. All a staff member needs to do is open an attachment, or attempt to log in after being tricked into clicking on a seemingly legitimate link, for the hospital network to become accessible to the attacker. In 90% of cases, it is therefore a human action that opens the door to the cybercriminal. A simple click is enough.
The Anssi Cyber Defense Center is located in the 15th arrondissement of Paris. About fifty agents are assigned to it. © Anssi
It is estimated that a health establishment uses approximately 200 different applications on its workstations. Data is exchanged and processed across these different programs. Thus, as soon as the hacker breaks into the system via one or more of these applications, he can almost always sneak into the entire network. Sometimes, however, penetration is partial. Thus, in the case of the Corbeil-Essonnes hospital centre, the medical imaging storage systems and the information system for patient admission had not been impacted. On the other hand, for this new attack, it is still too early to know which software has been affected.
Why are hospitals a prime target for cybercriminals?
Ransomware with its often colossal ransom demand is not necessarily an end in itself. In the event of refusal to pay, the health data stored in the establishment can also be resold for exorbitant prices on parallel and illegal markets. Thus, a medical file is valued between 250 and 700 euros. It’s more than banking data. It is for this reason that hackers target this sector of activity.
As far as patient safety is concerned, the direct impact is relatively low, even if in the present case at least six transfers of patients to intensive care and neonatology had to be carried out. Non-urgent interventions are postponed. But we must not forget that in 2020, the first death of a person due to a cyberattack took place in a hospital in Düsseldorf, Germany. This type of attack also damages the reputation of an establishment and often costs it five to ten times more than the price of the ransom.