Ransomware Continues Attacks on Healthcare

Recent French and Australian ransomware victims

Recent months have seen an increased number of cyber attacks targeting hospitals and various healthcare establishments and facilities. This behaviour is unprecedented and is very dangerous for both healthcare providers and patients. The Kaduu Team spends a lot of time in the darknet and underground hacking forums: even hackers have a moral code that does not allow attacking healthcare providers or child-related data. However, not all hackers follow this code…

A hospital in Versailles, near Paris, had to cancel operations and transfer some of its patients elsewhere after being hit by a cyberattack over the weekend of December 3-4.

The regional health agency (ARS) said the Andre-Mignot Hospital had cancelled operations, but was doing everything possible to keep walk-in services and consultations running. According to different sources, the hospital has been unable to handle any telephone communications or appointments made online. All computer systems have been cut off, leaving no chance for the patients to be treated on time.

The hospital has urgently reorganised its working process, saying staff are ready to work with pen and paper in order to help as many people as possible, regardless of the cyber attack.

The attack was followed by a ransom demand, the exact amount of which has not been disclosed.

The same scenario played out at the Corbeil-Essonnes hospital, situated on the outskirts of Paris. In August 2022, the establishment, which provides healthcare to nearly 700,000 residents, was targeted by ransomware.

Australian Health Insurer Medibank hit by REvil ransomware

Australian health insurance firm Medibank disclosed at the end of October that the personal information of all of its customers had been accessed without authorization following a recent intrusion.

In an official statement, the firm said the attackers had access to “significant amounts of health claims data” as well as personal data belonging to its ahm health insurance subsidiary and international students.


Medibank, which is one of the largest Australian private health insurance providers, serves about 3.9 million customers across the country.

“That data includes first names and surnames, addresses, dates of birth, Medicare numbers, policy numbers, phone numbers, and some claims data,” it noted. “This claims data includes the location of where a customer received medical services, and codes relating to their diagnosis and procedures.”

Other uniquely identifiable personal information, such as passport numbers associated with international student policies, has also been accessed, but no evidence has been found that direct debit details have been breached.

The REvil ransomware group has previously been connected to Russian hackers and possibly the Russian government.

The recent data breaches have prompted the Australian government to pass new legislation that can result in companies facing up to AU$50 million in fines for repeated or serious data breaches.

The Kaduu Team recommends that everyone remain vigilant against phishing and vishing attacks. Meanwhile, we advise you to read our latest article on LastPass's latest security incident.
