French Hospital Offline After Ransomware Attack

ntt

French hospital in Rouen forced to use pen and paper, after ransomware knocked out computers and servers

A hospital in France has been hit by a ransomware attack that knocked its computer systems offline, forcing staff to resort to good old fashioned pen and paper.

The attack on the 1,300 bed University Hospital Centre (CHU) in Rouen was revealed by the hospital in a posting on Facebook. The hospital admitted to “very long delays in care”, the AFP news agency reported.

Ransomware has enjoyed successful attacks recently against hospitals, cities, local governments and other organisations. Perhaps the most famous healthcare attack was the WannaCry ransomware attack, that struck worldwide in May 2017.

Healthcare attack

The global WannaCry ransomware attack disrupted operations at around 34 NHS trusts, preventing staff from accessing patient data and carrying out critical services.

Meanwhile medical staff at CHU were forced to abandon PCs as ransomware had made them unusable, a spokesman told the BBC.

Instead, staff returned to the “old-fashioned method of paper and pencil”, head of communications Remi Heym was quoted as saying.

The hospital insisted on its Facebook post that no patients were endangered as a result of the cyber-attack.

At this stage there are no details about the the strain of ransomware used in the attack, but it is said that servers and many desktop PCs were knocked out of action by the attack.

The hospital also said that no medical or personal data has gone missing as a result of the attack, and France’s national cyber-crime agency, ANSSI, helped limit the scale of the outbreak.

The good news is that no ransom was paid, and a formal investigation into who was behind the cyber-attack has been initiated by French police.

Phased defences

Security experts lamented that ransomware attacks against hospitals is not uncommon, mostly down to a lack of funding for adequate security protection.

“Over the course of the year, it has not become unusual to hear of hospitals being crippled by ransomware,” said Javvad Malik, security awareness advocate at KnowBe4.

“An overall lack of funding in security is usually a major contributing factor, with many hospitals running old or outdated systems which are easy to compromise,” said Malik. “The big question to be looking at is how ransomware gets into hospital networks. In the majority of cases, this will either be through unpatched software or through social engineering, typically a phishing email.”

“Therefore, to minimise the likelihood of ransomware getting onto systems, it’s important that hospitals start by focussing on these two common attack avenues,” he said.

Another expert highlighted the five phases of defences that organisations need to employ to protect themselves.

“Understanding what happens at each phase of a ransomware attack, and knowing the indicators of compromise (IOCs) to look for, increases the likelihood of being able to successfully defend against – or at least mitigate the effects of – an attack,” said Andrew Hollister, senior director of LogRhythm Labs.

“The five phases of defense against ransomware are preparation, detection, containment, eradication and recovery,” said Hollister. “Large scale outbreaks result from inadequate containment – where the local host needs to be immediately blocked and isolated from the network, which prevents additional files on the network from being encrypted.”

Another expert said that due to the critical nature of the work that hospitals do, they will continue to be targets.

“The healthcare sector faces a huge demand for its patient files from cyber criminals,” said Chris Ross, SVP sales, international at Barracuda Networks.

“This is because healthcare records holding sensitive and personal data are 100 times more valuable than stolen credit card details,” said Ross. “Hospitals in particular cannot afford disruption of their operations which means that if they get hit by a ransomware style attack, they have to negotiate with criminals and pay the ransom. Of course, attackers know this only too well, which is why they continue to focus their efforts on the healthcare sector.”

“While the digital security in many medical devices has yet to be standardised, hospitals and other medical facilities cannot just wait until devices become secure and safe,” said Ross. “They must build resilient infrastructures that protect their patients from attack and exploitation.”

Do you know all about security? Try our quiz!