The staff of a 1,300-bed hospital in France ditched computers and took to pencil and paper to run daily affairs after a ransomware attack bricked 6,000 computers at the facility.
Employees at the University Hospital Centre (CHU) in Rouen had to abandon their computers, which were infected by ransomware, reported Le Monde newspaper. All patients are safe, the hospital said in a social media statement.
The French national cyber-crime agency ANSSI helped contain the attack and is involved in cleaning up the infected computers, Le Monde reported.
"Over the course of the year, it has become not unusual to hear of hospitals being crippled by ransomware. An overall lack of funding in security is usually a major contributing factor, with many hospitals running old or outdated systems which are easy to compromise," said Javvad Malik, security awareness advocate at KnowBe4.
"The big question to be looking at is how ransomware gets into hospital networks. In the majority of cases, this will either be through unpatched software or through social engineering, typically a phishing email."
The hospital made it clear that no ransom would be paid. The police are investigating the source of the ransomware, said the report.
Attacks against healthcare organisations have risen by nearly two-thirds (60 percent) in the first three quarters of 2019 compared with all of 2018, SC Media UK reported this month.
Healthcare is the most breached industry. Data breaches in healthcare sector cost US$ 6.45 million (£5.2 million) on average, almost double that of the global average of US$ 3.92 million (£3.2 million).
The UK’s National Health Service has borne the brunt of several cyber-attacks, the biggest being WannaCry, which cost the NHS £92 million. With deficient security monitoring, legacy systems and inadequate investment in security, the NHS is still a sitting duck for cyber-criminals, SC Media UK reported in July.
Ransomware attacks on French hospitals were not that common, but two other establishments faced cyber-attacks in recent years, Le Monde reported.
The dependence on and prevalence of technology in the healthcare sector means that any sudden disruption may cost innocent lives, warned Ilia Kolochenko, founder and CEO of ImmuniWeb.
"When a hospital is flatly prevented from accepting phone calls and other incoming communications, when medical personnel fail to share medical records and obtain diagnosis requisite for the most serious of medical interventions, a multitude of wrong and fatal decisions may be taken. Frequently, even a minor delay or ignorance will result in failure to save someone’s life."