Rouen hospital confirms 90% of IT services have been resumed after cyberattack rendered computers unusable

Ransomware attack had a “strong impact” on operations over the weekend.
By Tammy Lovell
10:37 AM

University Hospital Centre (CHU) de Rouen in France has confirmed that 90% of normal IT services are now operational, following a ransomware attack which forced staff to abandon computers last week.

The large-scale cyberattack, which took place around 7pm on 15 November, had “a strong impact on the information system and therefore the activity of the establishment”, according to a statement posted by the hospital on Facebook.

CHU de Rouen’s director of communications, Rémi Heym, told Healthcare IT News: “Our level of security was very high already but to prevent further cyberattacks, we have checked our processes and applications with the help of the National Agency for Security of Information Systems (ANSSI).”

French national cybersecurity agency ANSSI were called to the scene to help limit the scale of the issue by cleaning up infected computers, re-installing software and recovering encrypted files.

The majority of services were resumed around midnight and the hospital said there had been no direct impact on patient care.  

WHY IT MATTERS

As a result of the attack, the hospital said that medical staff had been “faced with disruptions” and tasks usually carried out on computers had to be done by phone or paper.

French police are investigating who was behind the attack. No leaks of personal or medical information have been identified so far.

THE LARGER CONTEXT

Healthcare institutions have increasingly become targets for cyberattacks. In 2017, the NHS was hard hit by the WannaCry malware, which the Department of Health and Social Care estimated cost it around $115m and caused more than 19,000 appointments to be cancelled. Yet, a recent report by Imperial College London’s Institute of Global Health Innovation concluded the NHS still remains vulnerable to cyberattacks and must take urgent steps to defend against threats.

ON THE RECORD

 A hospital statement posted on Facebook last week said: “Immediate actions were carried out by the management of the information system to stop the spread of this attack around midnight.

“Various operations are being carried out by IT professionals with the contribution of expertise on site of ANSSI to gradually restore all the establishment’s applications.

“A return to service of all applications, in order of priority, has allowed a progressive resumption of the activities of the establishment. At this point, the information system allows patients to be taken care of in almost normal conditions.”