the information system of Rouen University Hospital "almost back to normal"


"More than 90%" software was restarted Tuesday, said the same day to TICHealth Remi Heym, director of communication of the University Hospital of Rouen. "We expect to be 100% by the end of the week," he added.

The return to normal IS was expected for the end of last week, but the restart of all applications was longer than expected.

"We cut all access to the information system, some publishers have had to move to restart the software from the CHU," explained Heym.

The hospital is functioning normally again and waiting times have returned to their former levels, he assured.

The CHU was operating in "degraded mode" since Friday, November 15, the day the attack was spotted.

The attack took the form of a cryptovirus, malicious software that encrypts the data of a network to claim a ransom in exchange for the decryption key, remember.

The CHU has not taken any new protective measures. "We were already at a very high level of security.The National Security Agency Information Systems (Anssi) welcomed our responsiveness," said Heym. "It will put screwdriver strikes to the left, check some settings."

"We will have to change all the passwords" and do "booster shots" on the routine restart of computers, which allows to update the antivirus, he cited as examples.

"There has been a certain laxity among some, but perhaps the damage will encourage them to better comply with the instructions," he said.

No loss or leakage of data was found, he said, and the cause of the attack is still unknown as the investigation is ongoing.

A complaint against X for fraudulent access to an automated data processing system and attempted extortion has been filed with the Paris prosecutor's office.

The encrypted files displayed a message "asking to send an e-mail to hackers", but there was no "official ransom demand", said the direction of communication.

76actu Local Media reported an already written message to send to pirates which contains "a request (…) amounting to 40 bitcoins, the equivalent of 300,000 euros, according to the current digital price of cryptocurrency".

According to Vincent Trély, president of the Association for the security of information systems (Apssis), invited on November 27th of a "café Nile", the malicious software in question is the Clop virus, a variant of the family of cryptoviruses CryptoMix.

On 22 November, Anssi published a report stating "several attacks involving the deployment of Clop on information systems in France" occurred "in recent weeks" without further details.

The agency had dispatched agents to the CHU Rouen from the beginning of the attack to investigate the origin of the attack and how it has spread.

This demonstrates "the scale of the attack," said Vincent Trély, "especially since there is a cyber attack per week on a health facility in France."

Contacted by TICsanté, Anssi did not respond to our request for additional information concerning the cyberattack of Rouen University Hospital.


We will be happy to hear your thoughts

Leave a reply

AB Smart Health
Enable registration in settings - general
Compare items
  • Total (0)