The André Mignot hospital in Paris, France, was forced to shut down its electronic devices, phones, and computers due to a ransomware attack. The incident occurred on December 4, 2022, and the damage extended beyond the digital realm.

The amount requested was not disclosed. Richard Delepierre, co-chairman of the hospital's supervisory board, commented that the requested amount would not be paid.

What were the consequences of the ransomware attack?

The Regional Health Agency (ARS) commented that the facility had to cancel pending surgeries. After the attack, the hospital resumed normal visits and consultations. Six patients were transferred from the neonatal and intensive care units, according to François Braun, the French Minister of Solidarity and Health since 2022, who visited the hospital.

Also present was Jean-Noël Barrot, Minister Delegate for Digital Transition and Telecommunications. He even isolated the infected systems in order to limit the spread of the malware to other devices.

The French National Authority for Security and Defense of Information Systems (ANSSI) was alerted to the case and began an investigation. The Paris Public Prosecutor's Office also became involved. In response, it opened a preliminary investigation after a formal complaint was filed by the hospital. The perpetrators of the attack are unknown.

The ARS even advised those who had something planned within the hospital to seek out the doctor or department assigned to them, and they would be redirected to an available unit.  

Attacks in hospitals have become more frequent.

According to Braun, "the health system suffers daily attacks." On August 22, another attack, this one at the Corbeil-Essonnes hospital in Paris, demanded a ransom of 10 million dollars and halted all services.

The criminals kept the system locked and threatened to release patients' medical data. As a result, doctors had to perform their basic duties on paper and could no longer fill out forms using computers. 

To illustrate the seriousness of these recurring cases, the France Info website conducted a worrying survey: there were 380 cyberattacks on hospitals in France in 2021. In percentage terms, this represents a 70% increase compared to the previous year.

Dax Hospital lost all its patient data. In turn, in 2021, the hospital in Villefranche-sur-Saône had 3.000 access points compromised. The data collected by the criminals is sold on the black market, and each file can fetch up to 300 euros.

Investing in cybersecurity

It is to be expected that companies will have more resources allocated to digital securityThe French government, in February 2021, even commented on strengthening the cybersecurity strategy for establishments by at least 350 million euros. Furthermore, sensitive situations of this type also increased in Central Europe, with Germany and Spain being the main targets.