French Hospital Crippled by Ransomware

Patient care at a large hospital in northern France has suffered considerably after a major ransomware attack at the weekend, according to local reports.

The University Hospital Center (CHU) of Rouen was hit by the malware last Friday and severely disrupted all weekend, with national investigators called in.

A communications director from the hospital, which has over 1300 beds and 8000 staff, told AFP that the incident had forced staff back to using pen and paper.

“This resulted in very long delays in care, even if there was no danger to the health of hospitalized patients," he’s reported as adding.

The incident has echoes of the WannaCry attack of 2017 which severely affected the UK’s National Health Service (NHS). An investigation into the outages claimed it led to the cancellation of an estimated 19,000 operations and appointments, affecting around a third of trusts in England.

It is calculated to have cost the NHS £92 million, in lost access to systems and emergency IT support.

“Sadly, the targeting of hospitals with ransomware is a growing trend; earlier this year seven hospitals in Australia were also impacted by ransomware,” argued Cesar Cerrudo, CTO at IOActive.

“They are becoming a major target as despite new technology adoption being high, there is often a lack of cybersecurity knowledge, even though health data can be a very lucrative area for cyber-criminals. This makes busy hospital staff the perfect targets.”

RSA Security CTO, Zulfikar Ramzan, argued that digital transformation is another big driver of ransomware.

“While this has brought with it many benefits, organizations have become reliant on these digital technologies; loss of data can be a critical issue, making ransoming that data a much more profitable business,” he said.

“Added to this, systems are much more hyper-connected now than they used to be and one of the evolutions in the ransomware we see today is that it can now spread across different systems, so the possibility of widespread damage is much higher. This wasn’t necessarily the case 15 years ago. Unfortunately, this means we are seeing a lot of hits against organizations where data is critical – such as hospitals – where there is often no option but to pay the ransom, or lives could be put at risk.”

What’s Hot on Infosecurity Magazine?