At the origin of the cyberattack which affected the South Francilien Hospital Center (CHSF) in Corbeil-Essonnes, hackers from the Lockbit 3.0 group posted a first batch of data, which represents 11 GB of sensitive data.
As a reminder, on Sunday August 21, 2022, the CHSF of Corbeil-Essonnes had suffered a cyberattack by the group behind the Lockbit 3.0 ransomware. This attack had a very strong impact on the functioning of the Center itself. Initially, the hackers demanded a ransom of 10 million dollars, before reviewing this amount later. Moreover, if the amount of the ransom has decreased sharply, it is not by chance, because it turns out that the GIGN negotiators stepped in to negotiate directly with members of the Lockbit group ! However, the hospital allegedly refused to pay.
According to the Zataz website, the pirates demanded 2 million dollars : first 1 million dollars to delete the data exfiltrated during the attack and 1 second million dollars to restore access to the data. Of course, to put pressure on the management of the Hospital Centre, all this is accompanied bya deadline: Friday, September 23 at 09:42. Once this period has passed, the sentence is clear: data will be published! Unfortunately, that’s what happened, as we can say.
On their site dedicated to data leaks, the cybercriminals behind Lockbit have uploaded an 11.7 GB archive containing sensitive data. Although I don’t know the details of this data leak, it would be personal data, including health data. Some sites mention social security numbers as well as test reports.
The Corbeil-Essonnes Hospital will need time to contact the various people affected by this data leak, and we will see later if the Lockbit hackers publish additional data. Indeed, it would only be “Part1”, that is to say part n°1.
#hackers #uploaded #data