LockBit publishes confidential data stolen from Cannes hospital in France

The LockBit ransomware-as-a-service gang has published what it claims is confidential data stolen from a hospital in Cannes, France.

It is not the first time that the cybercrime ecosystem has targeted the French healthcare sector, with numerous attacks disrupting patient care in recent years. One incident in February is suspected to have compromised data on more than 33 million people in France, equivalent to approximately half the population.

The release of data from the Simone Veil hospital in Cannes follows the hospital announcing this week that it had received an extortion demand from LockBit.

The initial attack, the hospital said, took place a few weeks earlier on April 16. It did not disclose what impact or disruption the incident had on the hospital’s caregiving operations.

The hospital staff said they had shared the extortion message with the police and notified France’s cybersecurity agency ANSSI. The statement added: “Public health establishments never pay ransom in the face of this type of attack.”

Patients and stakeholders will be told what was stolen after the hospital conducts a “detailed examination of the files,” the hospital announced.

The LockBit attack comes as the service’s administrator continues in their attempt to relaunch the platform following a law enforcement operation that saw police seize the criminals’ infrastructure and darknet site, as well as obtain a significant intelligence haul.

Despite the arrests of alleged affiliates and more than 14,000 accounts being shut down on third-party services — as well as the revelation that the ransomware gang did not delete data from victims after payment, despite promising to do so — LockBit’s administrator attempted to minimize the reputational damage caused by the police action.

Announcing the disruption of LockBit on February 20, the head of the United Kingdom’s National Crime Agency, Graeme Biggar, said the operation was not intended to be a final nail in the coffin of LockBit or the ransomware ecosystem in general.

“Sometimes the individuals or the infrastructure is out of our jurisdictional reach, [so] we have to attack what we can and disrupt where we can. But I think what we are showing over the last few years and with this disruption, is that we can have a real impact with our law enforcement capabilities against this threat,” said Biggar, acknowledging: “But it will never be complete.”