They carried out their threat. The hackers responsible for the cyberattack on the Corbeil-Essonnes hospital began to disseminate data on Friday, a source familiar with the matter said on Sunday. The data disseminated “seems to concern” users, staff and partners, but their nature has not been specified.
“The CHSF’s business databases, which include personalized patient files (DPI) and files relating to human resources management, have not been compromised,” the establishment said in its press release.
The hackers originally demanded a ransom of $10 million, later reduced to $1 million, which the Center hospitalier Sud Francilien (CHSF) in Corbeil-Essonnes refused to pay. They had set an ultimatum for the hospital to pay the ransom on September 23. The deadline expired, they released a series of data, added the source close to the file confirming information from the specialized site Zataz.
Nearly 2,800 people have already viewed the data
According to Zataz, Lockbit 3.0 hackers released more than 11.7 GB of sensitive content. “To date, 2797 people have already consulted this data. Among these people, unfortunately, are likely to be small pirates, diverse and varied, who will collect telephones, emails, or even other information to use in other scams, “says Parisian Damien Bancal, cyberintelligence specialist and founder of Zataz.
“This is a double extortion, consisting in exfiltrating part of the stolen data to put pressure on the victims. It’s a classic,” a cyberspace specialist told AFP.
The Paris public prosecutor’s office confirms for its part that “the Lockbit group released a link on Friday which, according to it, would allow access to data from the Corbeil-Essonnes Hospital. However, at this stage of the analysis of the elements in the possession of the investigating services, it is not possible to access the data”.
Open investigation
According to Zataz, the hackers would now claim from the hospital “2 million dollars (1 million to destroy the stolen data and one million to restore access to information via their dedicated software)”.
“This data has been stolen for a long time now. We now know that these hackers sorted, analyzed and processed this data. What intrigues me the most is that since the dissemination of the first threat information from Corbeil-Essonnes, about fifteen French companies – half of which were health companies – have motivated hackers. We don’t know why,” laments Damien Bancal.
This hospital located south of Paris, which provides health coverage for nearly 700,000 inhabitants of the outer suburbs, was the victim of a cyberattack on August 21. Its business software, its storage systems or even the information system relating to patient admissions, had been made inaccessible.
The hospital then lodged a complaint and seized the National Commission for Computing and Liberties (CNIL). The investigation, opened by the Paris prosecutor’s office and entrusted to the gendarmes of the Center for the Fight against Digital Crime (C3N), is underway. The National Authority for Security and Defense of Information Systems (Anssi) is also seized.
But “despite these measures and this responsiveness, the hackers nevertheless managed to exfiltrate personal data, including health data”, lamented the hospital in mid-September in a press release.