French Hospital Hit with Ransomware Attack, Hackers Asked for $10m

The South Ile-de-France Hospital Center (CHSF), a major hospital in France, has been hacked by an anonymous ransomware group that left the nurses to manually handle patient data and medications while the facility struggled to deliver emergency services. Hackers have demanded a $10 million ransom.

On Sunday, August 21, the cyberattack crippled a variety of IT systems at the CHSF hospital, such as PCs, storage servers (including those that provide medical imaging services), and patient admission platforms.

Since August 21, if the patient's care requires access to the technology platform, the hospital has been sending them to other facilities. They also changed or diverted the schedules for surgeries.

“In this context, a first measure came into force on Sunday, August 21 in order to guarantee the safety of care,” the translation of the CHSF announcement reads, “With regard to people hospitalized in the establishment, the crisis unit has put in place the necessary measures for their care.”

Some think the attack may have been caused by the LockBit ransomware. Although it hasn't been proved, there is speculation that the LockBit 3.0 ransomware organization is responsible for the attack because the LockBit group has a strong RaaS program, according to Sally Vincent, the senior threat research engineer at LogRhythm.

While Gilles Calmes, the hospital's director, states that they have no plans to pay the ransom. He said, “You are aware that the hospital would not, has not, and will not pay this kind of ransom.” The hospital leaves things for the Centre for Combating Digital Crime (C3N), a component of the gendarmerie.

Located in the towns of Corbeil-Essonnes near Paris, CHSF has around 1,000 beds and over 3,500 employees to serve tens of thousands of patients annually, which provides hospital coverage for around 600,000 inhabitants.

Cyberattacks on healthcare facilities like CHSF harm patient lives and increase the risk for people who are undergoing a medical emergency. A woman in Germany died in 2020 after cybercriminals attacked a hospital due to an hour-long delay in potentially life-saving treatment. So, antimalware measures are important not only for data protection but also for something more valuable. That brings us to the next point.

How to avoid ransomware attacks?

This is a question repeated by people constantly in the hope of fighting against internet attacks luring in the dark. Here are the best practices for defending against cyber attacks.

Employee awareness training: Security awareness training is one of the most crucial programs a business can offer because end users and workers are the most typical entry points for cyberattacks. Users who are gullible or underprepared might be readily exploited by phishing and social engineering techniques.

Endpoint protection: Install endpoint detection and response (EDR), firewalls, and update systems/software periodically for all network users to prevent loopholes used by cybercriminals. Adding application whitelists that determine which programs are available for download and execution via a network can also help you protect endpoints by blocking malicious websites.

Access privilege limitation: By limiting user access to the data related to their work, you can stop ransomware from spreading between computers, and even with access permissions, users could come across restricted resources or functions. Usually, this also involves a zero-trust model that requires at least two-factor or multi-factor authentication to guard against access targeting data in the event of a breach.

Regular security testing: Companies need to conduct frequent cybersecurity testing and assessments as ransomware techniques continue to change for better response to shifting surroundings. Businesses should consistently review the access points and user privileges, determine fresh system weaknesses and establish new security procedures.

Data backup and recovery: Keeping 3 distinct copies of your data, 1 of which should be offline, on 2 different forms of storage is the one of the safest risk mitigation practices. But if accidents happen and your data is wiped clean or exfiltrated, it is the best scenario that you have backups for a quick disaster recovery to minimize damages.

Vinchin Backup & Recovery is an experienced backup solution that combines easy and efficient data backups and multiple disaster recovery features to guarantee quick data retrieval for 10+ virtualizations such as VMware, XenServer, OpenStack, and more.

Frequent Backups: Maximize the backup efficiency and speed with the CBT/SpeedKit incremental backup, data reduction techniques, multithreaded transmission, and email alerts under customized backup schedules to automate the process. And simplify your management in one console.

Anti-Ransomware Backup Storage Protection: To protect against sneaky ransomware attacks like the CHSF incident, the software's real-time I/O identifies and blocks any previously undetected access requests, guaranteeing that only Vinchin backup server is permitted and accessible.

Offsite Backup Copy: You can save another backup copy in the offsite to pan for the worst when both the local production environment and the backup environment are unavailable.

Instant Recovery: For practically flawless business continuity and little system disruption, the 15s fast recovery feature quickly restores a corrupted VM to operation.

An effective ransomware defense strategy begins before any attacks take place. It might already be too late to take action if you wait until ransomware assaults your network. You'll want to prepare for any eventuality by backing up your files and having a plan to restore them in case of emergencies. Download the 60-day free trial version of Vichin Backup & Recovery now for backup in advance.