Évry, France (AFP) — Hackers who crippled a French hospital and stole a trove of data last month have released personal records of patients online, officials have confirmed.
The cyberattackers demanded a multimillion dollar ransom from the Corbeil-Essonnes hospital near Paris a month ago, but the institution refused to pay.
The hospital said the hackers had now dumped medical scans and lab analyses along with the national security numbers of patients.
“I condemn in the strongest possible terms the unspeakable disclosure of hacked data,” health minister Francois Braun tweeted on Sunday.
Hospitals around the world have been facing increasing attacks from ransomware groups, particularly since the pandemic stretched resources to breaking point.
The problem has been acute in France, where officials estimated early last year that healthcare institutions were facing on average an attack every week.
President Emmanuel Macron last year called the attacks during the pandemic a “crisis within a crisis” and announced an extra one billion euros for cybersecurity.
During last month’s attack, the Corbeil-Essonnes hospital shut down its emergency services and sent many patients to other institutions.
At one point, officials said the only technology still working was the telephone.
Rather than selling the trove of data, the hacker has dumped at least some of it for download on the “dark web” — a hidden part of the internet that requires special software to access.
Analysts said it seemed to be a tactic to put pressure on the hospital, even though public institutions are banned by French law from paying ransoms.
Cybersecurity researcher Damien Bancal, who revealed the leak and has seen the files, told AFP the worry is that other criminals will now launch scams with the data that has already been divulged.
In response to the leak on the weekend, the hospital severely restricted access to its systems and told patients to be extremely vigilant when receiving emails, text messages or phone calls.