Cannes Hospital Cyberattack by LockBit 3.0 Ransomware Group

Overview of the Victim: Cannes Hospital

Cannes Hospital, officially known as Centre Hospitalier de Cannes Simone Veil, is a significant healthcare provider located in Cannes, France. The hospital boasts an 840-bed capacity and employs over 2,000 staff members. It provides a wide range of medical services including emergency care, surgery, obstetrics, pediatrics, and psychiatry. The hospital is noted for its modern technical infrastructure, which includes optical cabling and the use of 1,400 MICROSENS switches to connect medical devices and manage patient entertainment systems through a fiber optic network.

The hospital is also recognized for its international patient services, offering the same care conditions as those with French social insurance and providing additional services such as cost estimates, prepayment options, and interpreter assistance.

Details of the Cyberattack

In April 2024, Cannes Hospital was targeted by the LockBit 3.0 ransomware group, leading to significant disruptions. The attack forced the hospital to cancel some medical procedures and shut down critical systems, focusing recovery efforts on restoring systems directly linked to patient care. The attack was publicized through LockBit 3.0's dark web leak site, indicating a breach of the hospital's data security measures.

LockBit 3.0 Ransomware Group Profile

LockBit 3.0, also known as LockBit Black, is a sophisticated evolution of the earlier LockBit ransomware strains. Operating under a Ransomware-as-a-Service (RaaS) model, this group allows affiliates to deploy the ransomware, which has been responsible for numerous high-profile attacks globally. LockBit 3.0 is known for its encryption techniques, lateral movement capabilities, and the ability to self-delete to evade detection. The ransomware is particularly challenging to analyze due to its heavy obfuscation.

Potential Vulnerabilities and Attack Vectors

The technical sophistication of Cannes Hospital's network, including extensive use of IP data transmission and connected medical devices, might have presented multiple attack vectors for LockBit 3.0. The integration of numerous devices through MICROSENS switches, while beneficial for operational efficiency, could also increase the risk of lateral movement by ransomware once the network is breached. Additionally, the public-facing elements of the hospital's digital infrastructure, such as its website and online patient services, could have been initial points of compromise.

Sources

• Cannes Hospital International Patient Services
• SecurityWeek - Cannes Hospital Cyberattack
• MICROSENS - New Approaches to Healthcare at Cannes Hospital
• Dun & Bradstreet - Company Profile of Centre Hospitalier de Cannes Simone Veil
• VMware Security Blog - LockBit 3.0 Analysis
• SentinelOne - LockBit 3.0 Threat Analysis
• Trend Micro - LockBit 3.0 Ransomware Group Augments Its Latest Variant