Cyber Incident Victim: CHU de Rouen

On or around November 18, 2019, the University Hospital Centre (CHU) in Rouen, France, suffered a ransomware attack that disrupted hospital operations and caused significant delays in patient care. The attack rendered servers and numerous desktop computers unusable, forcing medical staff to abandon digital systems entirely. Hospital personnel reverted to manual processes, including handling appointments by telephone, issuing handwritten prescriptions, and maintaining records with paper and pencil—described by communications head Remi Heym as an "old-fashioned method." While the hospital confirmed no patient endangerment occurred, the operational disruptions led to "very long delays in care," according to AFP reports. The institution’s 1,300-bed capacity did not mitigate the logistical challenges caused by the sudden loss of digital infrastructure. No medical or personal data was reported stolen or missing as a result of the incident.

France’s National Cybersecurity Agency (ANSSI) intervened to contain the attack’s spread and assisted in recovery efforts, including cleaning infected computers, reinstalling software, and restoring encrypted files. The hospital publicly stated it would not pay any ransom to regain access to its systems, emphasizing its commitment to restoring operations through technical remediation. A full restoration of systems was projected to occur by the weekend following the attack’s discovery. French police launched a formal investigation to identify the perpetrators, though the specific ransomware variant was not disclosed by the hospital. Le Monde noted that while ransomware incidents targeting French hospitals remained rare, two other healthcare facilities had experienced similar attacks in preceding years. The incident underscored broader concerns about healthcare institutions being targeted due to the high value of patient data and the critical need for uninterrupted access to medical systems.