At 2 a.m. one day in early February, the deputy director of the main hospital in the town of Dax, in southwestern France, took an urgent call from a normally unruffled colleague in the IT department.
“He’s generally very calm, but I could tell in his voice that there was something very unusual,” Aline Gilet-Caubere told AFP from her office.
The technician reported that staff working overnight were suddenly unable to use their computers, which displayed a ransom note stating that the hospital’s systems had been hacked and encrypted.
The attackers made a classic request: They would provide a key to reverse the damage when paying in Bitcoin, and they provided email addresses to organize the transfer.
“We imagined that we were a sanctuary as a hospital, with our role, that no one would dare (target us),” Gilet-Caubere said. “But not at all, actually. It’s part of the psychological shock. ”
Unwilling and unable to pay, hospital directors had no choice but to order a return to the pre-Internet, pre-computer age.
Amid the COVID-19 pandemic, paper records have reappeared. The doctors picked up pencils and jotted down notes.
A manual system using stickers and flowcharts kept track of patients as they moved.
There was no phone system or email.
Payroll and vendor data has been lost. All of the approximately 110 to 120 different software platforms operated in the hospital were down.
And more than three months later, after weeks of chaos and frustration for doctors, as well as months of work by cybercrime technicians, the hospital is still not back to normal.
“We can’t say when it’s all over. We keep finding problems, ”said Gilet-Caubere.
‘Crisis within a crisis’
But the 2,200 staff at Dax hospital weren’t the only ones struggling with a public health emergency over the past 18 months and the worst technology failures of their careers.
Elsewhere in France, at least half a dozen other public hospitals have seen their operations severely disrupted after being targeted by ransomware hackers since the start of the COVID epidemic in Europe in early 2020.
Cyrille Politi, chief technology advisor at the Fédération hospitalière de France, has no doubts that hackers have stepped up the attacks and crossed a moral line that has made public hospitals virtually banned.
“It’s a real paradigm shift,” he told AFP.
According to France’s Digital Affairs Minister Cedric O, 27 hospitals suffered some form of cyberattack last year, including ransomware, while there was one per week on average in the first two months of the year. year.
In February, as the alarm grew over the vulnerability of the health system, President Emmanuel Macron asked to be informed personally by staff at Dax and Villefranche-sur-Saône.
He announced an additional billion euros for cybersecurity in the health sector, calling the wave of attacks at the height of the pandemic a “crisis within a crisis”.
Although rare in France, attacks on hospitals have been a regular feature of global cybercrime for years, especially in the United States.
“What these actors (hackers) are looking for at all levels are targets that have an operational imperative,” said Adam Meyers of the US cybersecurity firm CrowdStrike.
“They target things like healthcare because healthcare is one of the unfortunate areas where it’s not a financial decision, it’s a life and death decision. “
And in the United States, too, the pandemic has been seen as a business opportunity by some hackers.
After dozens of attacks in late 2020, the FBI and US authorities have warned of “credible reports of an increased and imminent cybercrime threat” to hospitals and healthcare providers.
The bad news for hospitals and other potential targets is that ransomware attacks are becoming more sophisticated and numerous.
Everything from information about computer vulnerabilities of individual organizations to hacking and encryption technologies is for sale online in closed criminal forums.
Gangs with names like Evil Corp or DarkSide operate beyond the reach of Western law enforcement in Russia or the former Soviet republics, according to cybersecurity firms.
The attack on Dax hospital used a well-known malware called Ryak, and IT director Gilbert Martin said the hackers had left “Russian traces”.
But with low risks, high rewards, and almost limitless potential targets, ransomware piracy is growing exponentially globally.
Victims made payments estimated at $ 350 million in cryptocurrencies in 2020, a 311% increase from 2019, according to specialist analytics firm Chainalysis.
Earlier this month, DarkSide created fuel shortages in the United States and extracted more than $ 4 million from Colonial Pipeline, a company transporting gasoline and diesel from the US Gulf Coast to the northeast. .
“Those who ply their trade in this multi-billion dollar industry operate with near total impunity,” Brett Callow of cybercrime firm Emsisoft told AFP.
For radiologist Nicolas Pontier from Dax hospital, the experience of not being able to treat his cancer patients was a red flag which, he hopes, will be heard by others.
“I never imagined that I would have to stop for two months,” he said. “I thought in a week or two that would be fixed. We still do not have a fully functional system. ”
© 2021 AFP
This document is subject to copyright. Other than fair use for private study or research purposes, no part may be reproduced without written permission. The content is provided for information only.