The Hospices Civils de Lyon have just filed a complaint following a data leak, the hospital structure said in a press release. This leak, discovered on June 16, concerns “individual identification elements of professionals”, without information such as passwords or bank details being affected.
indirect victim
The health establishment also explained that it was an indirect victim of a computer hack that affected the platform used by one of their service providers for the transfer of data. Questioned by Zdnet.fr, the structure did not specify the name of the subcontractor victim of the computer intrusion.
“This hacking is part of a large-scale cyberattack that affected many structures, companies and institutions in France and abroad,” he said. The Hospices Civils de Lyon add that their “computer system is not affected and has no internal malfunction, nor any breach of patient data”.
Cl0p campaign
The regional hospital center of Lyon seems to refer, without saying so explicitly, to the campaign of the cybercriminals of Cl0p. The latter relied on a vulnerability in the MoveIT secure transfer software, an SQL injection attack, to meticulously program from the end of May a major computer attack by stealing documents exchanged on this service.
Cybercriminals claim two victims in France, the provider of medical diagnostic services Synlab and Cegedim, a specialist in business software for healthcare and insurance professionals. A gang in the sights of the French authorities for several years, evidenced by this Anssi report dating from 2019. This document linked these cybercriminals to the Locky ransomware and the Dridex banking malware.