Corsica: a hospital running in slow motion after a cyberattack, its “information systems” paralyzed

by time news

The “suspension of radiotherapy and oncology activities” had to be decided at the Castelluccio hospital in Ajaccio (Corse-du-Sud), which has been the victim of a “ransomware-type cyberattack” since Monday. According to the Corsican Regional Health Agency (ARS), this cyberattack “paralyzes all information systems”.

“To guarantee the quality and safety of care, the establishment was forced to suspend radiotherapy and oncology activities for which information systems have a key role (dosages, targeting, etc.)”, specified the ARS, which adds that “the establishment of an organization to ensure the continuity of urgent care for patients” is in the process of being “finalized”.

Regarding the other activities of this hospital center, in particular psychiatry, follow-up care and rehabilitation, “the continuity of care is ensured”, the agency further indicated. A “crisis cell” working with the ARS has been set up and “everything is done to restore normal and secure operation of activities as soon as possible”, it assures.

The virus from the “Vice Society” group of hackers was detected in the computers of the health establishment. This is not the first time that these hackers have attacked a hospital: as revealed by Le Parisien in August 2021, this same group had claimed responsibility for the hacking of the hospital in Arles (Bouches-du-Rhône), which was then in the middle of a Covid-19 wave.

Pay the ransom or see the data published

Vice Society penetrates the computer network of its target through a phishing operation and then exploits a vulnerability called PrintNightmare, which is very popular at the moment. Using a Windows flaw, “they manage to elevate their access privileges to the System level and have full latitude to distribute their ransomware throughout the victim’s network”, Hicham Bouali, technical director of One Identity, a company specializing in identity and access management, explained in August. The data is then encrypted and rendered unreadable.

In an unfortunately well-tested strategy, the hackers then resort to double extortion: they first try, privately, to sell the victim the key needed to decrypt and unlock the data. But if the target has a way to restore its backups and refuses to pay, they activate a second lever: the public threat to publish the siphoned data on their leak site or resell it to the highest bidder.
