The outcome of the extortion attempt suffered by the Center Hospitalier Sud Francilien (CHSF) was hardly in doubt. As expected, the Corbeil-Essonnes hospital center did not pay the ransom of one million dollars requested. And as expected, the hackers, affiliates of Lockbit ransomware, released stolen data to the mafia franchise’s site when their ultimatum expired on Friday, September 23.
Administrative data and examination reports
In a statement, the hospital, assisted by teams from Anssi, the state cyberfirefighter, said it was “deeply sorry” by this data leak. According to the CHSF, the stolen data disseminated visibly concerns users of the health site, its staff and its partners. For the hospital, it is likely that administrative data such as the social security number, as well as examination reports, have been disclosed.
At this stage of its investigation, the establishment estimates that 10% of its storage space was compromised in the attack. Business databases, personalized patient files and files relating to human resources management do not seem to have been stolen for the moment.
The hospital still wrongly assimilated to a company
Shamelessly, the hackers behind the attack for their part castigated the lack of payment of their victim, always wrongly assimilated to a private clinic. “We asked this company for a very reasonable price because we respect health care,” they dare to write, claiming to hold more than a million files.
The file currently posted on the Lockbit blog is an 11.7 gigabyte archive that is difficult to download due to its size. Its name, “Part1,” suggests hackers are preparing to release at least one more archive. The screenshots disseminated by malicious hackers relate to administrative documents such as contracts or personal patient information, whether it is a request for analysis or admission to a service.
Important mobilization
The hospital had been the victim of a computer intrusion on the night of Saturday August 20 to Sunday August 21. The investigation opened in the wake of the Paris prosecutor’s office was entrusted to the gendarmes of the Center for the Fight against Digital Crime, in charge of cases relating to Lockbit.
This hack had led to significant political mobilization. Two ministers, François Braun and Jean-Noël Barrot, went to the bedside of the victim, announcing the release of an additional 20 million euros dedicated to the protection of health establishments against cyberattacks. A budget envelope to put into perspective: with just under 3,000 health establishments, this represents on average only 6,000 euros per structure.