France’s healthcare and hospitals group, GHT Coeur Grand Est., was recently forced to disconnect all of its outgoing and incoming internet connections when it discovered it had been struck by a targeted cyberattack.

The attack resulted in sensitive data being stolen, which included both patient and administrative information.

The GHT is a dedicated hospital network situated in Northeast France. It consists of nine separate locations with a total capacity of around 3,370 beds, and is served by approximately 6,000 employees.

A targeted attack on French healthcare

Taking place on April 19, the attack impacted both Saint-Dizier and Vitry-le-François central hospitals. In reaction, GHT disconnected it internet connections serving the hospitals in order to prevent the spread of the attack and any subsequent data theft.

A translated statement, issued by GHT commented on the containment measures:

“The GHT Cœur Grand Est has cut all incoming and outgoing internet connections from its establishments in order to protect and secure information systems and data. This computer containment will continue until the risk of a new attack exploiting the flaw created is completely circumscribed. To this end, some online services are temporarily unavailable (making appointments, etc.).”

The healthcare network went on to state that the threat operators responsible were also able to successfully copy administrative data retained in the group’s systems. It warned that as a result, potentially other cybercriminals may be able to disclose or use the stolen data.

However, patient care has been able to continue as usual, as the software employed within the two hospitals was not impacted by this incident and all general IT systems are still fully operational.

However, services delivered online remain affected while the flaw that enabled unauthorised access is being investigated. Additionally, due to the breach, there is a dramatically increased threat that scams and social engineering attacks may be aimed at hospital employees has patients.

In its recent announcement, to mitigate such risks, GHT has urged data subjects impacted by the event to be mindful of texts, phone calls, and emails. If suspicious requests are made via these channels, targets are recommended to report such activities to France’s law enforcement authorities.

Cybercriminal attacks on the healthcare systems

Since March 2020 when lockdowns and other COVID-19 pandemic measures began, cybercriminal researchers have recorded an increased number of attacks levelled at hospitals, clinics, and other healthcare sector orgs around the world, including here in the UK.

Threat operators thrive in environments where they can cause panic and disruption. Under increased pressure during the pandemic, cybercriminal operations were quick to capitalise on circumstances and single out struggling healthcare operations as targets.

Ransomware attacks are often particularly successful strategies to aim at organisations and enterprises supplying critical care and services. With a requirement to keep running effectively to serve the needs of their patients, hospitals and healthcare operations are often willing to concede to paying ransoms in return for restoring their systems. Additionally, the data held by hospitals is always sensitive in nature and must not be exposed adding to the likelihood that they will acquiesce to demands to protect their patients probate information.