Between 2022 and 2023, thirty French hospitals were the subject of a cyber-attack by ransomware (encryption of data making it unusable), according to a “state of the computer threat” on the health sector published Thursday by Anssi, the guardian of French IT security, relayed by l'AFP.
“In 2022 and 2023, Anssi was informed of 30 compromises and encryptions by ransomware that affected healthcare establishments”Who “represent 10% of incidents linked to ransomware reported to Anssi over this period”.
In 2022, the attack on the South-France hospital center in Corbeil-Essonnes notably led to the transfer of newborns from the neonatology department to another hospital, and the paralysis of biological analysis machines.
Eleven gigabytes of data were stolen simultaneously and then published online by the hackers.
“Significant discomfort for functioning”
Asked by l'AFPthe general director of Anssi Vincent Strubel estimated that hospitals today were better able to control the consequences of these attacks.
“What we are seeing today are hospitals reacting quickly and well to attacks and managing to prevent the spread of an attack to all of a hospital’s IT”he indicated.
The attacks “cause significant impairment to functioning” establishments “for a few weeks”more “we no longer see […] of almost complete paralysis of IT »requiring months of work to restore normal operation, he explains.
However, “attacks continue to cause inconvenience, there are data thefts, so we cannot be complacent” of the current situation and efforts must continue to improve the defense of hospitals, he said.
Two significant cyberattacks on hospitals
In 2024, two hospitals were again victims of significant cyber-attacks, the Armentières hospital, in February 2024, and the Cannes hospital, in April 2024.
In its note, Anssi mentions other cyber risks weighing on the health sector, and in particular the risk linked to connected medical devices.
In February 2024, French third-party payment management specialists Almerys and Viamedis were also victims of computer attacks “which led to the leak of personal data of more than 33 million people, or almost half of the French population”also recalls Anssi.
