A French hospital located in the centre of Paris, Center Hospitalier Sud Francilien (CHSF), has reported a cyberattack that caused their institution to refer their clients to other medical establishments and postpone health-related appointments.
Over 600,000 people, including patients, staff, and healthcare workers, were affected by the cyberattack incident against the French hospital, considering that medical emergencies are critical to be disrupted. In an announcement, CHSF stated that the ransomware attack caused their computer network to be temporarily inaccessible, including the hospital’s business software, storage systems, and patients’ database.
Currently, CHSF has yet to provide updates about the incident, but investigations show that their IT system is still suffering an outage that has reduced their business operations. The French hospital also added that all urgent medical treatments are being transferred to other institutions to be accommodated immediately.
The ransomware actors that hit the French hospital demanded $10M for the decryption key.
Based on the investigations conducted by the French authorities, the unknown threat actors have attempted to extort a ransom of $10,000,000 from CHSF for the decryption key of all the compromised data.
There have been no further details on whether the French hospital has given the threat actors their ransom demands, but authorities, such as the Center fight against digital crime (C3N), are already contacted to aid with the situation.
On the other hand, cybersecurity researchers are looking at the possibility of the LockBit gang being involved in the incident after finding signs of their attack tactics. The researchers also considered a clue, including how the Paris national gendarmerie handled the incident since their service has dealt with attacks from LockBit and Ragnar Locker threat groups.
Between Ragnar Locker and LockBit, the researchers point more towards the latter group. This hypothesis comes from how Ragnar Locker was observed to focus only on small-scale campaigns, whereas LockBit has mostly attacked wider scope of victims.
Although it is known among cybercriminal groups that RaaS (ransomware-as-a-service), such as LockBit, is prohibited from attacking healthcare providers. Thus, if they are involved, they have just violated that rule.
The incident has not yet been updated with more details, including which ransomware group had attacked the French hospital. The involvement of LockBit is only a theory that security experts look at, particularly since their leak site contains no entry for the CHSF situation.