This is the first cyberattack of this magnitude at the University Hospital Center (CHU) in Rennes. According to information from the Telegram, the attack was identified as a major threat on Wednesday around 18 h, following an internet and messaging blockage.Staff were quickly informed and a crisis unit was opened. The Regional Health Agency (ARS) clarified in the evening that the hospital continued to operate in degraded conditions and that the care of patients continued normally.
So far, no ransom note has been issued. This morning, specialists from the National Information Systems Security Agency (Anssi) were at the bedside of the CHU.
Hospital isolation
According to Stéphane Nizery, union representative of the CGT, “the main impact of this cyberattack is linked to the fact that the hospital is now completely isolated from the outside”. While caregivers still have access to patient files, certain features such as the touch terminals at the reception of the hospital block are out of service.
According to an internal email that we were able to consult, teleconsultation, tele-expertise and tele-imaging are interrupted. Booking an appointment via the Internet is not possible: patients must contact the hospital by telephone. This Thursday at noon, the hospital’s website was still inaccessible.
Another consequence: internal transport is in difficulty. “The stretcher bearers normally work on smartphones, but nothing works anymore. They are forced to go back to paper, ”says the union representative. “In the imaging departments and in the emergency room, the night was complicated, but the staff found solutions to relieve the load and patient care returned to normal”. Back to paper also for patient summonses, treatment reports and death certificates.
Unclaimed attack
For the time being, the attack has not been claimed. A “surprising” situation according to Clément Domingo, ethical hacker known under the pseudonym of Saxx. “Usually, this kind of operation is always quickly claimed by the authors. For now, we have no idea what it could be.
This is not the first time that a hospital has been hit by a major cyber attack. In March 2023, the Brest-Carhaix University Hospital had operated in “degraded mode” for almost a month after an intrusion into its computer systems. According to Stéphane Nizery, “we must now determine whether the hackers had access to the hospital’s confidential files”.
