Cyber Incident Victim: EHPAD
Date: Aug 2022
Location: France
Summary
A retirement home within a hospital group near Pont-Audemer was targeted by a cryptolocker virus that encrypted sensitive data and locked 10 computers and one server. Although the attack likely aimed for ransom, no explicit financial demand was made. The infected systems were identified and isolated, with the hospital group confirming no major operational disruptions or impacts on residents. Crisis management protocols were activated, and the situation was reported under control.
Description
On the morning of August 24, 2022, the Ehpad des Franches Terres, a retirement home in Beuzeville operating under the Pont-Audemer hospital group in Normandy's Eure department, experienced a disruptive cyberattack. The incident specifically targeted IT infrastructure within the elderly care facility rather than the broader hospital network. A malicious software program identified as a "cryptolocker"-type virus infected 10 computers and one server located exclusively at the Ehpad. This ransomware variant encrypted sensitive data stored on the compromised systems, rendering it inaccessible. How the attackers deployed the malware remained unexplained in initial reports; ransomware of this type typically withholds access to the encrypted data until the victim meets the attackers' conditions. Hospital authorities clarified that while the attack exhibited characteristics consistent with extortion attempts, the perpetrators did not explicitly demand financial payment at the initial stage. Technical staff detected the intrusion promptly, triggering immediate operational disruptions at the facility.

Hospital management activated a crisis response unit at Pont-Audemer Hospital that same morning to coordinate containment efforts. IT security teams successfully identified all infected terminals and implemented isolation protocols to prevent lateral movement across the network. By the time of initial public reporting, officials declared the situation "under control" with no evidence of continued system compromise. The Centre Hospitalier du Havre, which oversees both the Pont-Audemer and Beuzeville facilities, confirmed that no critical service interruptions affecting resident care occurred despite the encryption of sensitive administrative or operational data. Forensic analysis remained ongoing to determine the attack's origin and full data impact, though infrastructure restoration efforts prioritized maintaining care continuity. Hospital communications emphasized the localized nature of the breach, with no secondary infections detected in connected healthcare facilities beyond the Ehpad's isolated systems.
