A hospital in the north of France has been struck by a major ransomware attack, eerily similar to the 2017 WannaCry attack.
The Rouen University Hospital-Charles Nicolle (CHU) in the north of France, one of the largest hospitals with over 1,300 beds and 8,000 staff, was hit by malware last Friday, subsequently disrupting all operations throughout the weekend.
It is understood that the attack struck all five sites of the hospital complex, and to prevent any further infection the decision was made to shut down IT systems. Staff were forced back to using “the good old method of the paper and pencil,” according to Remi Heym, communications director of CHU.
“This resulted in very long delays in care, even if there was no danger to the health of hospitalized patients.”
It remains unknown which ransomware strain was responsible; however, it has been reported that no ransom demand has been received.
It is believed that it will take much of this week to get systems up and running again to their standard functionality.
Shockingly, the attack echoes the infamous 2017 WannaCry attack on the UK’s National Health Service (NHS), which resulted in the cancellation of 19,000 appointments and operations and left staff unable to access patient data and critical services in around 34 NHS trusts.
In addition, the attack forced hospitals to refuse patients. Subsequently, the attack cost the NHS an estimated £92 million.
Steve Wright, CEO, Privacy Culture Ltd, commented: “Unfortunately, here is another example of poor maintenance on infrastructure and legacy systems. Malicious actors will always be looking at ways to exploit vulnerable systems, ultimately to steal the data, or as in this case to raise money by blackmailing the health trust using tools such as ransomware. Only regular patching and the removal of obsolete systems and applications will help prevent organisations from being vulnerable to such attacks.
“This does beg the question about the priorities of the IT Director, or the IT Security representatives, as there appears to be a lack of due care and attention, ironically, in an environment where clinical excellence is in constant demand from patients and the Board.
“It is a timely reminder that every organisation should be testing its back-up planning procedures to ensure it can continue operation without IT systems.”
A report by Malwarebytes observed a 60% increase in threat detections at healthcare organisations in the first three quarters of 2019. The report explained that as a result of aging infrastructure, low IT budgets and a wealth of personally identifiable information (PII), healthcare organisations are becoming prime targets for cyber criminals.
“Healthcare is vital to our population, industries and economy, which is why it’s an especially concerning industry to see targeted by cybercriminals,” said Adam Kujawa, Director of Malwarebytes Labs.