DAX, France – At 2 a.m. one day in early February, the deputy director of the main hospital in Dax, southwestern France, received an urgent call from a normally unruffled colleague in the IT department .
“He’s generally very calm, but I could tell in his voice that there was something very unusual,” Aline Gilet-Caubere told AFP from her office.
The technician reported that staff working at night were suddenly unable to use their computers, which displayed a ransom note stating that the hospital’s systems had been hacked and encrypted.
The attackers made a classic request: They would provide a key to repair the damage when paying in Bitcoin, and they provided email addresses to organize the transfer.
“We imagined that we were a sanctuary as a hospital, with our role, that no one would dare (target us),” Gilet-Caubere said. âBut not at all, actually. It’s part of the psychological shock.
Reluctant and unable to pay, hospital directors had no choice but to order a return to the pre-Internet and pre-computer age.
In the midst of the Covid-19 pandemic, paper files have reappeared. The doctors picked up pencils and jotted down notes.
A manual system using stickers and flowcharts kept track of patients as they moved.
There was no phone system or email.
Payroll and vendor data has been lost. All of the approximately 110 to 120 different software platforms running in the hospital were down.
And more than three months later, after weeks of chaos and frustration for doctors, as well as months of work by cybercrime technicians, the hospital is still not back to normal.
âYou can’t say when it’s all over. We continue to find problems, âGilet-Caubere said.
– “Crisis within a crisis” –
But Dax’s 2,200 hospital workers weren’t the only ones struggling with a public health emergency in the past 18 months and the worst tech failures of their careers.
Elsewhere in France, at least half a dozen other public hospitals have seen their operations severely disrupted after being targeted by ransomware since the start of the Covid epidemic in Europe in early 2020.
Cyrille Politi, chief technology adviser at the FÃ©dÃ©ration hospitaliÃ¨re de France, has no doubts that hackers have stepped up the attacks – and overstepped a moral line that has made most public hospitals banned.
“It’s a real paradigm shift,” he told AFP.
According to the French Minister of Digital, CÃ©dric O, 27 hospitals suffered some form of cyber attack last year, including ransomware, while there was one per week on average during the first two months of the year .
In February, as alarms grew over the vulnerability of the health system, President Emmanuel Macron asked to be informed personally by staff from Dax and Villefranche-sur-SaÃ´ne.
He announced an additional billion euros for cybersecurity in the health sector, calling the wave of attacks at the height of the pandemic a “crisis within a crisis”.
– Impunity –
Although rare in France, attacks on hospitals have been a regular feature of global cybercrime for years, especially in the United States.
âWhat these actors (hackers) are looking for at all levels are targets that have an operational imperative,â says Adam Meyers of the US cybersecurity company CrowdStrike.
“They are targeting things like health care because health care is one of the unfortunate areas where it’s not a money decision, it’s a life and death decision.”
And in the United States, too, the pandemic has been viewed as a business opportunity by some hackers.
After dozens of attacks in late 2020, the FBI and US authorities have warned of “credible reports of an increased and imminent cybercrime threat” to hospitals and healthcare providers.
The bad news for hospitals and other potential targets is that ransomware attacks are becoming more sophisticated and numerous.
Everything from information about computer vulnerabilities of individual organizations to hacking and encryption technologies is for sale online in closed criminal forums.
Gangs with names like Evil Corp or DarkSide operate outside the reach of Western law enforcement in Russia or the former Soviet republics, according to cybersecurity firms.
The attack on Dax hospital used a well-known malware called Ryak, and IT director Gilbert Martin said the hackers had left âRussian tracesâ.
But with low risks, high profits, and almost limitless potential targets, ransomware hacking is growing exponentially globally.
Victims made payments estimated at $ 350 million in cryptocurrencies in 2020, a 311% increase from 2019, according to specialist analytics firm Chainalysis.
Earlier this month, DarkSide created fuel shortages in the United States and extracted more than $ 4 million from Colonial Pipeline, a company transporting gasoline and diesel from the US Gulf Coast to the North. is.
“Those who ply their trade in this multi-billion dollar industry operate with almost total impunity,” Brett Callow of cybercrime firm Emsisoft told AFP.
For radiologist Nicolas Pontier of Dax hospital, the experience of not being able to treat his cancer patients was a red flag which, he hopes, will be heard by others.
âI never imagined having to stop for two months,â he said. âI thought in a week or two that would be fixed. We still do not have a fully functional system.
SUBSCRIBE TO THE DAILY NEWSLETTER
CLICK HERE TO SIGN UP