Data theft hits a French hospital group, forcing them to disconnect online

April 28, 2022
Data Theft French Hospital France Disconnect Online GHT Coeur Grand Est Hospitals

Massive admin and patient data were stolen from France’s GHT Coeur Grand Est Hospitals after being hit by a cyberattack that forced them to disconnect from the internet to stop all incoming and outgoing connections. With about nine branches in the Northeast of France that employ over 6,000 staff and about 3,000 patient beds, the cyberattack has greatly impacted the hospital group.

From a statement, a GHT representative explained that they had to protect all information systems and data from all incoming and outgoing internet connections due to the attack. They also added that the containment would remain until the situation had been neutralised and that some of their online services would be put on hold temporarily.

 

Disconnecting from the internet was the measure the hospital group implemented to prevent further damage the cyberattack had caused.

 

The threat actors copied several admin computer data from the GHT system, which concerned the institution about being leaked to the public or exploited for fraudulent activities. Nonetheless, all IT servers of the hospital group are still functioning as usual since all the institutions’ software was unaffected.

On the other hand, the online services were the most impacted by the cyberattack and had to be put offline while security experts probed the situation and tried to fix the flaws that the threat operators had abused.

Experts also noted social engineering and scam risks that could transpire because of the data breach. For this reason, the hospital group, alongside security experts, urges its patients and employees to be alert to suspicious emails, text messages, and phone calls. It is also advised to contact the authorities in case of any malicious activity, such as their personal information being used for fraud.

GHT did not mention any threat groups attributed to the cyberattack. However, experts consider an angle about the new underground marketplace called Industrial Spy adding a new entry to their items on their malicious website.

The dark web marketplace is a buying-and-selling platform for stolen corporate data, such as trade secrets, accounting reports, customer databases, and manufacturing diagrams.

The latest post on the underground market was 28.7GB worth of massive data and administrative files, which they have described as data stolen from a particular hospital network that failed to pay threat actors’ ransom demands.

However, according to a French news portal, despite GHT being a large group of healthcare institutions, the recent data theft had only affected a Vitry-Le-François hospital. Hence, delisting Industrial Spy as the platform where the stolen data of GHT is being sold.

About the author

Leave a Reply