The GHT Coeur Grand Est. Hospitals and Health Care group has disconnected all incoming and outgoing Internet connections after discovering it suffered a cyberattack that resulted in the theft of sensitive administrative and patient data.
GHT is a hospital network located in north-east France consisting of nine locations, 6,000 employees and approximately 3,370 beds. The cyberattack occurred on April 19 and affected the CHs of Vitry-le-François and Saint-Dizier, causing GHT to disconnect Internet connections to the hospitals to prevent the attack’s spread and further data theft.
Erfan Shadabi, Cybersecurity Expert, comforte AG, commented: “This situation is a cautionary tale. Whether through contractual obligation or regulatory mandate, enterprises working with sensitive data need to meet the acceptable threshold of data security. Healthcare providers should perform a thorough security audit, assess the strengths and weaknesses of their current data security strategy and posture, and question whether the implemented protection methods include data-centric security. Data-centric security such as tokenisation and format-preserving encryption protects the data itself rather than focusing on borders, perimeters, intrusion detection and data access. A token replaces the sensitive aspects of a piece of data, so even if it falls into the wrong hands, the sensitive information behind it cannot be compromised. Best of all, data-centric security travels with data, no matter where it goes.”
