Cannes Hospital Targeted by LockBit 3.0 Ransomware Group

Incident Date:

April 30, 2024

World map

Overview

Title

Cannes Hospital Targeted by LockBit 3.0 Ransomware Group

Victim

Cannes Hospital

Attacker

Lockbit3

Location

Cannes, France

, France

First Reported

April 30, 2024

Cannes Hospital Cyberattack by LockBit 3.0 Ransomware Group

Overview of the Victim: Cannes Hospital

Cannes Hospital, officially known as Centre Hospitalier de Cannes Simone Veil, is a significant healthcare provider located in Cannes, France. The hospital boasts an 840-bed capacity and employs over 2,000 staff members. It provides a wide range of medical services including emergency care, surgery, obstetrics, pediatrics, and psychiatry. The hospital is noted for its modern technical infrastructure, which includes optical cabling and the use of 1,400 MICROSENS switches to connect medical devices and manage patient entertainment systems through a fiber optic network.

The hospital is also recognized for its international patient services, offering the same care conditions as those with French social insurance and providing additional services such as cost estimates, prepayment options, and interpreter assistance.

Details of the Cyberattack

In April 2024, Cannes Hospital was targeted by the LockBit 3.0 ransomware group, leading to significant disruptions. The attack forced the hospital to cancel some medical procedures and shut down critical systems, focusing recovery efforts on restoring systems directly linked to patient care. The attack was publicized through LockBit 3.0's dark web leak site, indicating a breach of the hospital's data security measures.

LockBit 3.0 Ransomware Group Profile

LockBit 3.0, also known as LockBit Black, is a sophisticated evolution of the earlier LockBit ransomware strains. Operating under a Ransomware-as-a-Service (RaaS) model, this group allows affiliates to deploy the ransomware, which has been responsible for numerous high-profile attacks globally. LockBit 3.0 is known for its encryption techniques, lateral movement capabilities, and the ability to self-delete to evade detection. The ransomware is particularly challenging to analyze due to its heavy obfuscation.

Potential Vulnerabilities and Attack Vectors

The technical sophistication of Cannes Hospital's network, including extensive use of IP data transmission and connected medical devices, might have presented multiple attack vectors for LockBit 3.0. The integration of numerous devices through MICROSENS switches, while beneficial for operational efficiency, could also increase the risk of lateral movement by ransomware once the network is breached. Additionally, the public-facing elements of the hospital's digital infrastructure, such as its website and online patient services, could have been initial points of compromise.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.