The hospitals of the GHT Cœur Grand Est group were victims of a cyberattack. 28 GB of confidential patient data was stolen and offered for sale on the Dark Web. The greatest vigilance is required.
If you have visited hospitals in the east of France, be very vigilant: you could soon, or even now, be the victim of phishing attempts, or, even worse, of identity theft and fraud. banking. The territorial hospital group of the Grand Est region (GHT Heart Grand Est) was indeed the victim on April 19, 2022 of a massive hack that allowed attackers to steal confidential patient data. As the GHT explains in his press releasea cyberattack carried out from abroad on the information system of the Vitry-le-François and Saint-Dizier hospital centers gave access to “essentially administrative information”. Without specifying the number of people concerned, the group indicates that it is possible that the files thus recovered are “shared and used by malicious people”.
The problem is that this precious booty is already for sale on the Dark Web, the Internet black market where hackers and other hackers exchange tools and information! And he’s not thin! As found BleepingComputer, all of the stolen information represents more than 28 GB of data. Even more worrying, among these famous “essentially administrative information”, there is a jumble of patient files, medical analyses, data from mutual insurance companies and Covid vaccination certificates, but also bank details, copies of passports, letters or even schedules. In other words, a sum of ultra confidential and highly sensitive information that can be used for identity theft, phishing or even scams. On Industrial Spy, a reputable “marketplace” on the Dark Web, the hackers claim that they offered to GHT to buy back the stolen files for around 1 million euros, without apparent success. In fact, they sell documents individually for a few dollars. A chilling perspective…
Cybereattack GHT: confidential documents sold for a few dollars
Of course, the GHT GHT Cœur Grand Est immediately took drastic security measures. Incoming and outgoing Internet connections to its establishments have been cut to avoid any risk of a new attack, and certain online services – such as appointment booking – are temporarily unavailable: they will be restored when the security breach that allowed the theft of data will be identified and sealed. “The applications and software used internally on a daily basis were not affected by the attack and remain operational. The computerized patient file is fully functional. Users continue to be supported with the same level of quality and security in all our hospitals”further specifies the GHT in its press release.
While waiting for all the light to be shed on this worrying affair, the hospital group advises all people who have used its services to be extra vigilant at this time, with the classic precautions (check the addresses of email senders, be wary of attachments to messages, not to share confidential or banking information by messaging or telephone, etc.). It invites the patients concerned to report any suspicious element that may be linked to this hacking to the judicial authorities, in particular on the governmental CyberMaliciousness.