Colin Thierry
Published on: April 26, 2022

The GHT Coeur Grand Est. Hospitals and Health Care group disconnected all incoming and outgoing Internet connections after falling victim to a cyberattack that resulted in the theft of sensitive administrative and patient data.

GHT is a hospital network located in Northeast France with nine locations, 6,000 employees, and around 3,370 beds.

The attack occurred on April 19 and impacted the systems of Vitry-le-François and Saint-Dizier, causing GHT to disconnect Internet connections to the hospitals to prevent the attack’s spread along with additional data theft.

“The GHT Cœur Grand Est has cut all incoming and outgoing internet connections from its establishments in order to protect and secure information systems and data,” said a translated statement from GHT.

“This computer containment will continue until the risk of a new attack exploiting the flaw created is completely circumscribed. To this end, some online services are temporarily unavailable (making appointments, etc.),” GHT added.

The hospital network said that the attackers also managed to copy administrative computer data stored in the establishment’s systems and warned that other threat actors may publish and use the data.

Patient care hasn’t been interrupted since the software used in the hospitals has not been affected by this cyberattack. However, online services still remain impacted while investigating the flaw that allowed the threat actors access to their network.

Additionally, due to this data breach, the risk of social engineering attacks and scams against patients or hospital employees has dramatically increased.

To alleviate this risk, GHT urged all parties to stay vigilant and report any suspicious online requests to law enforcement authorities.

Additional Breaches

At the end of March, the Hospital de Castelluccio in Corsica was attacked by hackers, who also managed to steal sensitive patient data and other documents during the incident.

The incident was disclosed to the public immediately and had negative consequences on the operation of radiotherapy in the hospital’s oncology unit.

Over the weekend, stolen data marketplace Vice Society published the stolen documents allegedly originating from the attack on the Castelluccio hospital and made them available for purchase.

These documents included employee correspondence, HR information, patient records, identities, social security coverage details, and more.