Fr: Baclesse cuts its Internet connection to prevent the spread of a computer worm
The Centre François Baclesse is one of three proton therapy centers for fighting cancer in France. This week, they also had to fight the results of a cyberattack by heartless criminals. Thankfully, their recent investment in improving their cybersecurity seems to have paid off. On April 28, the center issued the following statement on their web site (translation):
The IT department of the François Baclesse Center detected and blocked a “worm” type computer virus on April 21 at 9 pm.
The purpose of this malicious program was to:
– retrieve data;
– encrypt them so that they could no longer be read;
– then blackmail to restore this data.
The Internet connection of the François Baclesse Center was cut off for 6 days to prevent the worm from leaving with data and spreading outside. The analysis showed that one third of the IT park had been affected.
For 6 days, the IT department performed complete checks on our information system (servers and computer stations) while protecting our external partners.
No data was lost, no data was stolen, no data was encrypted. All our care services continued to function normally, with no impact on patients (no appointment delays, no treatment delays, etc.).
Fortunately, the Center’s IT department had been trained to react to such situations. Following cyber-attacks in other hospitals, the François Baclesse Center very recently took the decision to invest heavily in IT security, for a total budget of €100,000. The security solution implemented in January 2021 made it possible to quickly detect and contain the malware.
The origin of the worm’s appearance has been identified: it was the consultation of a website from which the “PC 0” computer was infected. This security flaw is now fixed. The situation is healthy and it is planned to further strengthen user vigilance through educational actions.
It’s not totally clear to DataBreaches.net what that explanation in the last paragraph means, but we may not be translating properly.
Update: Thanks to @fs0c131y, who informs us that “PC 0” refers to the first infected PC.