It’s been 10 days since Rouen University Hospital Centre (CHU) suffered a significant ransomware attack and its computer power is still massively reduced.
The Hospital, which consists of over 8,000 employees spread over five sites has lost the use of 6,000 computers and is still using pen and paper to deal with data entry and day to day operations.
While rumours of ransoms have surfaced around the internet, no official ransom has been demanded nor will it be relevant as CHU’s head of communications has made it clear they will not pay to have their data restored.
No medical or personal data have gone missing as a result of the attack. We have not received any ransom demand, and neither are we going to pay any ransom in return for restoration
Remi Heym – Head of Communications, CHU
France’s newspaper Le Monde reported that the outbreak was limited thanks to the “Agenence nationale de la sécurité des systems d’information” (National Information Systems Agency) (ANSSI), a government agency created in 2009 to deal with the prevention of, and response to, computer incidents affecting sensitive institutions. Known as the “Firemen of the French cyberspace” they participate in thousands of cyber-interventions each year.
A cyber task-force is a very valuable asset in times of regular cyber-attacks, but even with the help of ANSSI, the hospital is still facing a significant period of reduced efficiency which can be very expensive. One only needs remember the Wannacry attacks of 2017 that affected the UK’s National Health Service, costing them £92 million and 19,000 cancelled appointments.
With over 90% of successful data breaches beginning with phishing emails, the importance of staff training has never been greater. Targeted Security Awareness Training is still by far and away the most cost-effective way to reduce an organisation’s cyber threat surface.
Want to know how susceptible your users are to a phishing attack? Try out our Free Click-Prone® Test, you may be surprised how many require further training.