Rouen University Hospital Center (CHU) in northern France suffered a major ransomware attack. Nearly 6,000 hospital computers were infected forcing the staff to resort to pen and paper usage for data entry and daily operations.
CHU is spread over five sites, consisting of more than 8,000 employees and nearly 1,300 beds. The entire chain and all its departments operate on networks and applications designed specifically for healthcare providers. On 15 November, around 19:00 hours, a crypto-ransomware virus infected the entire chain of networks. This “made access to most business applications inaccessible, but also infected some of the workstations,” said head of communications, Remi Heym in an official statement.
He further continued, “Many services operated in degraded mode and hospital staff were confronted with disruptions, particularly in regard to computerized prescriptions, reports or admissions management, which had to be transmitted via telephone or paper.” The laboratory and the radiology department also faced a lot of inconvenience. “The doctors only prescribed the necessary blood tests. And the staff was asked to pick up the paper results manually,” said an emergency department nurse.
Heym also said, “No medical or personal data have gone missing as a result of the attack. We have not received any ransom demand, and neither are we going to pay any ransom in return for restoration.”
France’s national cyber-crime agency, ANSSI, helped limit the scale of the outbreak, as per reports from France’s Le Monde newspaper. Based on the critical importance of various units in the hospital, ANSSI began the network and system restoration process. The paper reported that French hospitals are rare targets for ransomware attacks. But hospitals and healthcare industry have become a favorite target of cyber-attackers off late because the patient data they retrieve is highly valuable on the dark web.
In a recent example, Multiple hospitals and health service providers from the U.S. and Australia were forced to shut down some of their operations after being hit by a chain of ransomware attacks. According to an official statement, the attack affected and disrupted the IT systems of the DCH Regional Medical Center, Northport Medical Center, and Fayette Medical Center from West Alabama’s Tuscaloosa, Northport, and Fayette. The affected hospitals had to turn away new patients and also cancel some surgeries.