On 9 March 2023, the Centre Hospitalier Régional Universitaire of Brest was victim of an intrusion into its information system. For the moment no details have been communicated concerning the type of attack.
A crisis unit was quickly activated and a complaint was also filed. The ANSSI is working hand in hand with the hospital's IT teams in order to bounce back from this attack. The analysis of this attack has shown that the establishment's servers have been impacted. For the moment no data leakage has been identified and internal data has not been compromised.
Unfortunately, the hospital's website has been affected and is therefore inaccessible. All applications linked to the outside world have also been affected: booking appointments, sending test results, etc. The hospital cannot therefore offer teleconsultations and cannot connect with other health establishments, private doctors, emergency services, etc. The hospital's system is therefore operating in degraded mode and it has preferred to isolate its information system in order to limit the spread of the attack.
This new attack, which is not the first (remember Corbeil-Essonnes in August 2022 and Versailles in December 2022) highlights once again that the healthcare sector has become increasingly susceptible to cyber attacks in recent years. Valuable patient data, growing adoption of IoT and interconnected technologies, lack of cybersecurity education, remote access to data … Many factors that make the healthcare sector a prime target for cybercriminals.