Ransomware attack forces French hospital to transfer patients

André-Mignot ransomware attack response

The André-Mignot teaching hospital in the suburbs of Paris had to shut down its phone and computer systems because of a ransomware attack that occurred on Saturday evening.

According to Richard Delepierre, the co-chairman of the hospital’s supervisory board, the attackers behind this ransomware incident have already demanded a ransom.

“A ransom, the amount of which I do not know, has been requested but we do not intend to pay it,” Delepierre said per an report.

Currently, the hospital only accepts walk-ins and consultations as it had to partially cancel operations. It was also forced to transfer six patients from its neonatal and intensive care units to other healthcare facilities, according to France’s Minister of Health and Prevention François Braun.

“Taking the health of the French hostage is inadmissible. I was this evening with with the teams of the André-Mignot hospital, victim of a cyberattack,” Braun on Sunday.

“All our means are deployed alongside the professionals mobilized to ensure the care of patients.”

The Ile-de-France Regional Health Agency (ARS)  patients with already scheduled consultations or planned interventions (e.g., surgery, chemotherapy, radiotherapy) to reach out to their doctor or the department they were assigned, who will redirect them to an available treatment unit.

Jean-Noël Barrot, the Minister Delegate in charge of Digital Transition and Telecommunications, the hospital immediately isolated the infected systems to limit the spread of the malware to additional devices and alerted the French National Authority for Security and Defense of Information Systems (ANSSI).

The cyberattack is now being investigated by ANSSI and the Paris prosecutor’s office, which has also opened a preliminary investigation into hacking state data and attempted extortion after the André-Mignot hospital filed a formal complaint on Sunday.

“To date, no other health facility in the region has been impacted by this cyberattack on which investigations are continuing by the National Authority for Security and Defense of Information Systems (ANSSI),” ARS added.

While the ransomware operation behind the attack on the André-Mignot hospital remains unknown, multiple gangs are known for targeting healthcare organizations.

U.S. federal authorities have previously warned of threat actors deploying and ransomware payloads in attacks against Healthcare and Public Health (HPH) organizations.

Another joint advisory warned in October that a cybercrime group known as Daixin Team was in ongoing ransomware attacks.

In November, the U.S. Department of Health and Human Services (HHS) also alerted the country’s healthcare organizations that they’re being known to have made dozens of victims worldwide since mid-August 2022.

The FBI said the notorious Hive ransomware gang also  and estimated the group collected roughly $100 million from its victims since June 2021.