Databack success stories: When cybercrime threatens healthcare facilities
By targeting the healthcare sector, cybercrime demonstrates its lack of morality! Taking advantage of security flaws in HIS (hospital information systems) and the critical nature of healthcare data, ransomware attacks are targeting hospitals and healthcare establishments. .
Ransomware attacks hospitals
In February 2021, several French healthcare establishments were targeted by large-scale computer attacks : the Dax hospital, the CHT (communauté hospitalière de territoire) Hôpital Nord-Ouest in Villefranche-sur-Saône and the GHT (groupement hospitalier de territoire) in the Dordogne fell prey to ransomware (or ransomware).
These high-profile cyber-attacks show that healthcare establishments are prime targets for hackers. Sooner or later, every major healthcare facility will be affected by an act of cybercrime. Taking advantage of security flaws in certain HIS (hospital information systems), ransomware paralyzes establishments or groups of establishments by encrypting their computer data, from production servers to backups.
The sensitive nature of healthcare data (DDS) and computerized patient records (DDI), the emergency nature of certain types of care and the operation of certain operating theatres are putting IT departments under pressure… and, above all, threatening patients’ health.
It is therefore crucial for healthcare establishments and organizations toanticipate these cyber-attacks.
Health sector and digital security: raise awareness, react, stand your ground!
In the face of cybercrime and ransomware, many players have specialized in the digital security sector. Services range from finding (and securing) vulnerabilities in information systems, to providing support in the event of a disaster following a ransomware attack.
The ANSSI (Agence nationale de la sécurité des systèmes d’information – French national agency for information systems security) is the main institutional point of reference. It raises user awareness of basic computer security practices; advises companies, organizations and local authorities on service providers who can intervene before or after a computer incident; and publishes annual guides and awareness kits such as Ransomware attacks.
When it comes to fighting cybercrime, recovering encrypted data is a crucial activity, as it will enable you to follow this advice and keep your resolution: “Never pay the ransom!”.
Case study: ransomware attack on a private clinic
Databack has built up a wealth of experience in recovering and restoring data from IT infrastructures and backup systems in the event of aransomware attack.
Following an attack on a private clinic in the west of France, our crisis unit was contacted in recent weeks. From the admissions office to the medical imaging department, all the clinic’s systems were blocked.
In collaboration with the government departments and security experts accompanying the clinic, as well as the insurer in charge of the case, our Cyber-attack department drew up an appropriate action plan, and diagnosed the equipment on which to intervene. We activated our on-call service to analyze the equipment received and assess recovery options in greater detail.
An exhaustive analysis of the HIS enabled us to target the media (servers, NAS, tapes, etc.) needed to restore the data, as well as the nature of the files to be analyzed (VMWARE, VEEAM, etc.). Although part of the data was damaged during the attack, our proprietary tools enabled complete data extraction.
Finally, we ensured that the data was returned in a format compatible with the customer’s new HIS, to facilitate reintegration.
30 March 2021