France to boost cyberdefense after hospital malware attacks

French President Emmanuel Macron on Thursday unveiled a plan to better arm public facilities and private companies against cybercriminals following ransomware attacks at two hospitals this month and an upsurge of similar cyber assaults in France

The attacks at the hospitals in Dax and Villefranche-sur-Saone prompted the transfer of some patients to other facilities as the French health care system is under pressure from the coronavirus pandemic.

Macron discussed the attacks with officials and workers from both hospitals, saying the incident “shows how the threat is very serious, sometimes vital."

“We are learning about these new attacks, some coming from states as part of new conflicts between nations, others coming from mafias,” the French leader said during a videoconference. Some attacks have “criminal” or “lucrative” motives, others are used to “destabilize” countries, he added.

Macron referred to a massive hack of U.S. federal agencies last year and to the stealing of vaccine documents from the European Medicine Agency in November.

He stressed the need for international cooperation among police and criminal justice agencies after Ukrainian authorities confirmed a ransomware program known as Egregor was dismantled in the country earlier this month following a joint action by the United States, France and Ukraine.

Macron’s office said the government will earmark about 500 million euros ($603 million) to help boost cyberdefense systems in the public and private sector.

The National Cybersecurity Agency of France (ANSSI) reported that ransomware attacks surged 255% in 2020 compared to the previous year. All sectors and geographical areas of the country were included, but the increase particularly concerns the health care sector, the education system, local authorities and digital service providers, ANSSI said.

During ransomware attacks, cybercriminals infect computers or computer systems with viruses that scramble and lock data until the targeted users pay a ransom.

The hospital in Villefranche-sur-Saone, located north of the city of Lyon, said its phone system went down during a cyberattack on Monday that forced a preemptive shutoff of the internet service and other networks to keep the ransomware from spreading.

The hospital also had to postpone surgeries planned for the following day. but said patient safety was preserved.

The Dax hospital in southwestern France reported a similar attack last week. Without phones and computers working, health care workers had to use pen and paper for record keeping.

The French cybersecurity agency is helping to investigate the attacks.

ANSSI said Monday that an attack similar to one used by Russian hackers targeted a software distributed by the French company Centreon, resulting in the breach of “several French entities" from late 2017 to 2020.

"This campaign bears several similarities with previous campaigns attributed to the intrusion set named Sandworm," ANSSI said in a statement Monday.

Sandworm is a Russian military hacking group that U.S. security officials and cybersecurity experts said interfered in the 2016 presidential election in the United States, stealing and exposing Democratic National Committee emails and breaking into voter registration databases.

The group has also been blamed by the U.S. and U.K. governments for the June 2017 NotPetya cyberattack, which targeted businesses that operate in Ukraine. It caused at least $10 billion in damage globally, most notably to the Danish shipping multinational Maersk.