The Territory Hospital Group (GHT) Cœur Grand Est has announced that it has cut all of its internet access after having identified a computer attack that targeted its network. In a press release published yesterday, the GHT indicates that it discovered on Tuesday April 19 “a malicious hack from abroad” having targeted the computer systems of the hospitals “of Vitry-le-François and Saint-Dizier”.
The cutting of access, which causes the unavailability of certain online services, was decided “in order to protect and secure information systems and data”. It will continue until the risk is eliminated.
Data theft objective
The first findings suggest that the objective of the attack was to copy essentially administrative information. At first sight, therefore, there is no question here of ransomware or data encryption having paralyzed the system, but of an intrusion into the system with the objective of stealing data.
As Bleeping Computer points out, the stolen data did not take long to reappear. A new entry on the Industrial Spy platform offers visitors the opportunity to buy a 28.7 GB archive from the servers of the hospital group.
Industrial Spy is a marketplace that recently appeared on the dark web and specializes in reselling stolen data through computer attacks. Security researchers began to hear about the site, which has remained fairly confidential for the time being, via text files added to pirated software that touted the site’s merits.
Industrial Spy has offers on its site that allow visitors to purchase the data of hacked companies. In particular, there are complete archives for several million dollars or lower prices for certain individual files.
$1.3 million ransom
The attackers reportedly attempted to extort a $1.3 million ransom from the targeted health facility. But, in the absence of a response from them, the archive would have been put up for sale on the site.
According to France Bleu, the management of the group would not intend to pay the ransom. The vendors say the data contains social security numbers, banking information, copies of passports, emails and phone numbers.
The GHT alerts visitors to the high risks of phishing attempts exploiting this stolen data in the coming weeks and invites those concerned to exercise the utmost caution. According to the managing director of the group, interviewed by Le Figaroa complaint should be filed in the coming days.