First, there was the public assistance-Hospitals of Paris (AP-HP) in March 2020. Then Dax hospital, February 9, 2021. Then the hospital sites of Villefranche-sur-Saone, Tarare and Trévoux this Monday, February 15, 2021. In the space of just a few months, several health establishments have been victims of crippling cyberattacks.
As part of the Cyber strategy presented on February 18 by the President of the Republic Emmanuel Macron, the Government announces this February 22 to strengthen its cybersecurity strategy for health and medico-social establishments for an amount of at least 350 M euros. “Since the start of the year, a healthcare establishment has been the victim of a cyberattack every week. This is why we have chosen to invest massively in the security of health information systems through the Ségur de la Santé “, commented Olivier Véran, Minister of Solidarity and Health, during a trip to Villefranche-sur-Saône.
In addition to budgetary support, the Minister is focusing on strengthening of training, information and raising the awareness of stakeholders in the field of health with regard to the security of digital practices. To this end, cyber security awareness will be integrated into all training courses for health workers. Finally, the requirements in terms of IT security will be strengthened for all the establishments supporting the 135 regional hospital groups.
Cyber attacks on hospitals: what exactly is happening?
It is 4.30 am when the “Ryuk” ransomware suddenly paralyzes all the computers at the North West hospital in Villefranche-sur-Saône (Rhône). The computer attack also reached the Tarare and Trévoux sites.
What happened ? “Hackers typically perform what is called an “initial compromise”, explains Benoît Meulin, spokesperson for F-Secure, a company specializing in cybersecurity. Concretely, as in the context of an epidemic, there was a zero patient: a priori, someone clicked on a link (probably sent via an e-mail) which subsequently made it possible to download a ransomware program – or “ransomware” in French.“
“This program lurked on the computer and quietly spread to all networked computers. At around 4:30 am, the pirate software took action: the computers were blocked, all at the same time.“A ransom demand was then communicated to the hospital to restore the frozen computer data … and access to the computers. The motivation of hackers is (of course) financial.
Cyber attacks on hospitals: vulnerable establishments during a pandemic
Since November 1, 2020, and especially in Central Europe (Germany, Spain, France), computer attacks against hospitals and healthcare establishments have increased by more than 45% against “only” 22% in other areas. These are mainly ransomware attacks (Ryuk, Sodinokibi …).
Why this increase in cyber attacks? Because in this period of the Covid-19 epidemic, hospitals are particularly vulnerable. Indeed: on the one hand, caregivers are under pressure with a continuous influx of patients (those suffering from Covid-19 adding to the usual flow) and an understaffing regularly denounced by professionals and unions. Result: undoubtedly less vigilance vis-à-vis cybersecurity, in connection with stress and fatigue.
On the other hand, hackers believe that in this time of health crisis, hospitals may be ready to pay the ransom demanded to continue to provide hospitality and care for patients.
“Not to mention that, in the budgets of hospitals and health establishments, cybersecurity does not weigh very heavily: at the moment, hospitals are therefore a prime target for hackers.“adds Benoît Meulin. In fact, in 2018, the budget allocated to digital technology (which includes cybersecurity) represented only 1% to 2% of the total budget of hospitals in a majority of establishments.
Cyber attacks on hospitals: what consequences for patients?
A “virtual” attack can have very concrete consequences, in particular in a hospital where many machines (scanner, MRI …), many services (making appointments, patient files …) and many protocols (sterilization, respirators …) depend on IT.
In September 2020, a computer attack on the Düsseldorf university clinic (in Germany) even had a tragic consequence: a patient who had to be operated on urgently had to be transferred to another establishment, the intervention being impossible on up due to the cyber attack. The patient died during the trip.
At Dax hospital, where a cyberattack has been underway since February 9, 2021, around 70 people (followed in radiotherapy) had to be referred to other establishments because the computer attack had made treatment impossible. Equipment sterilization and restoration (mostly computerized) protocols were also severely disrupted.
In addition, the director of the Regional Health Agency (ARS) of Nouvelle-Aquitaine, Benoît Elleboode, asked patients to “contact the services so that they can together reconstruct the agenda (…) As the health system is shut down, the hospital no longer has its appointments.“
At Villefranche-sur-Saône hospital (most recently affected, on the night of February 15 to 16, 2021), 3000 computers were blocked by the cyberattack: “all workstations have been disconnected, with the exception of the emergency switchboard, all telephony has been made inaccessible“explains the establishment in a press release.
Patients requiring emergency care are now redirected to other hospitals; the maternity ward, the Covid-19 vaccination center, the neonatal service, resuscitation and continuing care services are still functioning, and no transfer is (to date) envisaged.
Cyber attacks on hospitals: when will it be back to normal?
“It’s a game of the policeman and the thief: the hacker tries to keep one (or more) steps ahead of the cybersecurity experts“Deplores Benoît Meulin. In short: it is very difficult to anticipate a computer attack, even if the mode of action is sometimes well known (for example: the Ryuk software has been studied since 2018).
Thereby, at Dax hospital where computers and the network have been paralyzed for 10 days, the situation could return to normal under “several days, several weeks“estimated Gilbert Martin, responsible for the information system of the establishment, interviewed this Thursday, February 11, 2021.
At Villefranche-sur-Saône hospital, the situation is managed by the National Information Systems Security Agency (ANSSI): President Emmanuel Macron on Thursday, February 18, 2021, declared refusing to pay the ransom demanded by the hackers. In the meantime, caregivers are back to paper and pen.
“Getting out of this situation will require time and money: this is why it is imperative to act in prevention, by providing hospitals with effective cybersecurity.“considers Benoît Meulin. At the patient level (for example: when you consult your Shared Medical File on the internet), the expert recommends”check where a link leads before clicking on it, leaving the mouse a few seconds on the URL. Never enter your personal data (password …) until you are sure you are where you want to go. Never relax your vigilance on the internet, especially on your professional computer.“
Sources:
- Check Point press release
- Interview Benoît Meulin, spokesperson for F-Secure, February 2021.
- Ministry of Health, Press release “Security of computer networks in health establishments”, Ministry of Health, February 22.
Read also :
- Connected insulin pumps vulnerable to cyberattacks
- Hospital: the computer failures involved
- Health survey: Abuse of screens: our brains in danger?
