Cyber Incident Victim: Catalan medical imaging group
Date:
May 2024
Location:
France
Summary
A Catalan medical imaging group experienced a cyberattack impacting multiple facilities, including sites in Saint-Pierre, Argelès-sur-Mer, Céret, and a polyclinic, following an initial system malfunction. The intrusion prompted immediate containment measures, notification to authorities, and collaboration with cybersecurity experts to investigate. Preliminary findings indicate no evidence of data theft or compromise at this stage. Operational disruptions persist, with appointments facing significant delays despite efforts to maintain service continuity under degraded conditions. A police complaint was filed, and investigations into the attack's origin are ongoing while the organization works to restore normal operations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 5 motives | 5 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 7, 2024, the Catalan medical imaging group Coradix-Magnescan confirmed a cyberattack affecting multiple radiology centers across France's Pyrénées-Orientales region. The incident originated from a system malfunction detected on the morning of Friday, May 3, during routine startup procedures, though the full scope of the intrusion was not recognized until Tuesday, May 7. Attackers compromised the network infrastructure supporting four facilities: the Saint-Pierre imaging center, the Méditerranée polyclinic site, the Argelès-sur-Mer center, and the Vallespir facility in Céret. Technical teams observed unauthorized access attempts across these interconnected systems, prompting immediate containment measures to isolate the breach. No evidence of data exfiltration or patient information theft was identified during preliminary forensic examinations.
Coradix-Magnescan activated emergency protocols upon confirming the attack, deploying internal IT staff alongside external cybersecurity specialists to eradicate the intrusion vectors. Management notified relevant regulatory authorities and filed a criminal complaint at Perpignan police headquarters, initiating a formal investigation into the attack's origins. Clinical operations continued under degraded conditions, with staff implementing manual workarounds to perform radiological examinations despite disrupted scheduling systems. Patients experienced significant appointment booking delays across all affected sites, with administrators anticipating ongoing disruptions during recovery efforts. The organization publicly acknowledged service limitations while emphasizing continued care delivery, thanking patients for their patience as restoration work progressed. Forensic audits remained ongoing to establish the attack methodology and reinforce network defenses against future incidents.