The health sector is hard hit by the explosion of cybercrime.
All sectors have certainly suffered from the proliferation of malicious cyber acts, but health is one of the most affected. In 2020 alone, 27 hospitals in France were targeted by cyber criminals. A pharmaceutical laboratory was also mentioned. Whatever the motives behind these attacks, whether money or espionage, the consequences are very real.
"My on-call technician tells me that we are in the process of a cyberattack. In 20 years of working in hospital information systems this is the first time we have seen such a well-prepared attack," says Nasser Amani, the IT manager of the North-West Hospital in the town of Villefranche-sur-Saône (Rhône). On the night of February 15, 2021, the health facility was hit by a ransomware program called Ryuk, a virus intended to take the computer system hostage and demand the payment of a ransom.
"We have to stop everything first, to prevent it from spreading in our storage infrastructure. Then we set up a crisis cell and go into degraded mode," explains Nasser Amani. "Everything is done by hand, the prescriptions, the follow-up. We're going back 20 years." The data, for its part, had been stored on separate servers, which made it easier to recover the information needed to restart the system. "But it could have been terrible. We could have lost everything, 25- or 30-year-old data for some patients," says Nasser Amani.
The question then arises whether the hospital, like many institutions of this kind, would have paid the ransom if the information could not be recovered. Nasser Amani's answer: "We never asked ourselves the question".
It is fair to say that in France, the rule is never to pay the ransom. While not everyone follows it, some organizations, whether private or public, are able to stick to the principle. Paying the ransom demanded by hackers clearly encourages them to reoffend. If they receive no payment, however, they are forced to review their practice in one way or another. And there is a defense that he doesn't do it again: "They can seize patients' medical data. It's expensive data. On the black market, they are exchanged at around 250 euros each. This is the cornerstone of other crimes, as others will use it for other crimes, such as identity theft, misrepresentation, access, bank details, fraud," explains the president of the CyberPeace Institute, Stéphane Duguin.
If hospitals are so widely targeted by this wave of cybercrime, it also points to their vulnerability in terms of security. Indeed, cyber criminals are interested in the systems that are easiest to attack. "In the hospital, IT has not been a priority for the last 10 years. A director will prefer to recruit nurses, build a new operating theatre rather than replace PCs, or invest in security tools to guard against a threat that may not materialize. We have PCs in French hospitals that can be between 5 and 10 years old and it gives a certain fragility," says Vincent Trely, head of Apssis (the Association for the Promotion of the Safety of Health Information Systems).
It is not uncommon for hackers to leave traces in their code to sign their actions. Most of the signs observed by the gendarmes are in Cyrillic script, perhaps so as to make us think of Russian hackers. "It's a cat-and-mouse game. Sometimes we find little clues in a piece of code that tells us that potentially that would be there. But the attackers who create this malicious code also play with that. The Russians are a convenient scapegoat, but they are not the only ones playing this game," says Robert, an ethical hacker.
Faced with this situation, governments are trying hard to organize themselves and find sufficient room for cooperation to counter the growth of malicious cyber activity. "As soon as you leave the French or European framework, there is a slowness due to cooperation. There are different laws between countries, you do not have the same rules, the same investigative services, you have huge disparities," says Pierre Penalba, cyber investigator and author of Cybercrimes (Albin Michel, 2020).
"We have good cooperation with Russia and Ukraine. They have led to the arrest of the perpetrators of Emotet, one of the most harmful banking Trojans in years. Ditto for the Egregor case, handled trilaterally with the FBI, Ukraine and ourselves. This may have helped dismantle the team behind the malware," says Catherine Chambon, deputy director of cybercrime at the Central Directorate of the Judicial Police.