Government officials in France say a number of hospitals have been hit by malware attacks, slowing down operations as they struggle to deal with COVID cases. French President Emmanuel Macron last week announced a plan to defend health facilities from cyber threats.
Security experts are worried about the never ending list of recent cyberattacks against French hospitals: mid-December in Evreux, Normandy, last week in Dax near the Atlantic Ocean and the latest one in Villefranche-sur-Saône near Lyon, where Dr. Herve Bontemps, a hospital pharmacist, says the attacks have slowed down operations.
He says the lab can operate and machines work but staff cannot process the results through computers so they send notifications on paper manually and deliver them to each service in the hospital.
Hospitals are forced to deal with these attacks by doing things like postponing non-emergency procedures or canceling X-rays. The measures have put an even bigger burden on health workers already dealing with COVID-19, which has killed more than 80,00 people in France.
The scenario keeps repeating: malware paralyzes IT systems in hospitals that often do not have proper security systems against hackers who demand hundreds of thousands dollars of ransom.
Cedric O is France’s minister for digital technologies. Speaking on the Senate floor last week, he described the deteriorating situation.
He said he was concerned that the whole country was targeted by cyberattacks and said 27 French hospitals suffered them in 2020. Worse, he said, French authorities have been monitoring one cyberattack per week against hospitals since the beginning of the year.
France is not the only country facing the cyber criminality threat.
Healthcare giant Universal Health Services was hit last year by a cyberattack which impacted 400 facilities across the United States.
Security experts describe this ransomware assault against hospitals as money-oriented where hackers have no political motives and are not backed by foreign states.
“In the case of ransomware is to get in a short period of time a maximum amount of money," said Nicolas Arpagian, a professor with the Economic War School in Paris. "Criminals are using these tools as, on the dark web, you would find very easily database of emails, software, malware to use and send by email. This is a very well developed criminal activity and people who wrote that kind of malicious codes are not necessarily the ones who will exploit them and do business with it.”
To beef up cybersecurity nationwide, French authorities are pledging to spend $1.2 billion by 2025 to increase security systems among public infrastructures and private companies.