After the ransom-demanding cyberattacks on hospitals in recent weeks, new information illustrates the threat that cybercrime poses to the health sector. A file containing the data of nearly 500,000 French patients has been distributed on the Web. It reportedly contains up to 60 pieces of information per person: social security number, date of birth, address, telephone number, etc., sometimes with comments on the person's state of health: pathologies, treatments, etc.
According to the newspaper Release, dated Tuesday, February 23, these data come from the files of around thirty medical biology laboratories in north-west France, all of which used the same data entry software at the time the samples were taken, i.e. between 2015 and October 2020. The files were reportedly stolen by hackers who had found a security flaw.
Why were they then released widely? The newspaper hypothesizes a rivalry between hackers, one of whom decided to make the documents accessible in order to strip them of any market value. It is impossible for the moment to know whether this is all the data collected or merely a sample. The CNIL launched investigations on Wednesday, February 24.
Law of the market
In any case, detailed and recent medical data like this can fetch a high price on the darknet, the submerged part of the Internet. Initially, the hackers’ modus operandi is the same as for a “ransomware” attack, in which malicious software encrypts the user's data and returns it only in exchange for a sum of money. “Once the hacker enters the information system, he has two options depending on his business model. Either he encrypts the data and sends a ransom note to the owner, with the customer becoming the victim, or he makes a copy of the files and sells them to other customers,” details Nicolas Arpagian, teacher at the National School of Police and author of Cybersecurity (PUF, 2018).
In this shadow business, everyone has their specialty and their modus operandi, “like robbers”, the specialist explains. There can then be a whole chain of sellers and dealers, with the law of the market taking precedence: “The price of this type of information depends on the market; it can range from a few thousand to hundreds of thousands of euros,” says Aroua Biri, an expert who holds a doctorate in cybersecurity from the Institut Mines-Télécom.
Phishing or ransom
But why buy a file indicating that Mr. Dupond, 45, living in a town in Morbihan, holder of such-and-such a social security number, is infected with HIV? First possibility: to demand an individual ransom from him. “The hacker writes to tell him that he has the information on his state of health and threatens to divulge it to his boss and colleagues or to disseminate the information on social networks. If the person gets scared and doesn’t want it to be known, they will pay,” explains Aroua Biri. These transactions are made in bitcoin, a cryptocurrency.
Second possibility: a personalized “phishing” strategy. “It’s spear phishing,” continues Aroua Biri. “The message is calibrated to the recipient; it contains information that only a loved one can know” and encourages the recipient to click on a link in order to collect other information, such as bank details.
Finally, the elements collected can be used to usurp the identity of the victim, which opens up a lot of possibilities. “The information can be used to request civil status documents, to put together files or to take out loans online, for example,” illustrates Nicolas Arpagian. In all cases, it is an “ultra-lucrative” activity, he adds, because it requires only a “modest” investment.
Faced with this type of attack, “the important thing is not to be caught up in emotion and urgency,” insists Aroua Biri, who points to the reference site to consult: cybermalvaillance.gouv.fr. Upstream, of course, we must also improve “the security level of the establishments”.
The health sector particularly targeted
Hospitals and other entities in the health sector are “one of the preferred targets” of “ransomware” cyberattacks, according to the National Information Systems Agency (Anssi) in a report on the “ransomware threat” published at the beginning of February.
On February 19, authorities revealed that a file containing a list of 50,000 user accounts “presumably belonging” to hospital agents had been on sale on the Web since February 4.
“There were 27 cyber attacks on hospitals in 2020 and one attack per week since the start of 2021,” revealed Cédric O, the Secretary of State in charge of digital affairs, on Wednesday, February 17.