Cyber Incident Victim: Centre Saint-Jean
Date:
Nov 2022
Location:
France
Summary
A ransomware attack targeted an oncology and radiotherapy center, severely disrupting its information systems and compromising patient medical records, staff files, and partner data. Critical treatments like chemotherapy and radiotherapy were temporarily suspended due to inaccessibility of digital patient files, though chemotherapy later resumed while radiotherapy remained halted. Medical consultations continued unaffected. The organization activated crisis protocols, coordinating with regional health authorities to redirect patients to nearby facilities for urgent care. Compromised servers were isolated, and a new secure infrastructure was being deployed. The incident was reported to the national data protection authority, with no confirmed public data leaks at the time. Patients received direct communication regarding care adjustments, and efforts focused on restoring normal operations promptly.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 15, 2022, the Centre d’oncologie et de radiothérapie Saint-Jean, operating across sites in Saint-Doulchard and Moulins, France, experienced a ransomware cyberattack that crippled its information systems. The attack compromised all stored data categories, including patient medical and administrative records, technical treatment details, employee personnel files, and data belonging to external partners and service providers. This systemic disruption forced the immediate suspension of chemotherapy and radiotherapy services from November 15 to November 18, 2022, as these treatments require uninterrupted access to digital patient records for critical functions such as radiation targeting (balistique), dosage calculations, and treatment documentation. Medical consultations continued unaffected during this period. By November 28, 2022, chemotherapy services had partially resumed, but radiotherapy remained suspended due to persistent system inaccessibility, significantly impacting ongoing cancer treatments.
The center activated its crisis unit in coordination with the Agence Régionale de Santé (Regional Health Agency) to implement contingency measures, including redirecting affected radiotherapy patients to nearby treatment facilities to maintain care continuity. Internal IT teams, medical staff, and administrative personnel worked intensively to restore systems, with direct individual notifications issued to current patients via clinical teams. The incident was formally reported to France’s data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL), as a confirmed data breach. Forensic isolation of compromised servers was completed to prevent further intrusion, alongside ongoing deployment of a replacement secure infrastructure. No evidence of public data disclosure or confidentiality breaches had been identified by November 28. Patients received dedicated communication channels for updates, including email contacts for data protection inquiries and department-specific phone lines for treatment coordination. The center committed to issuing follow-up communications regarding radiotherapy resumption timelines and publicly acknowledged the operational disruptions while expressing gratitude to collaborating regional treatment centers for their support.