Cyber Incident Victim: Ehpad 'Les Hortensias'
Date: Oct 2023
Location: France
Summary
A nursing home in Marigny-le-Lozon was targeted in a ransomware attack by the Medusa cybercriminal group, which demanded €95,000 to prevent further exposure of stolen sensitive data. The attackers published resident identification documents, medical records, and administrative files, threatening to release additional compromised information unless paid within a short timeframe. Despite the breach, the facility remained operational. The intrusion reportedly originated from a phishing email targeting an employee, consistent with the group's known tactics.
Description
On October 13, 2023, the Ehpad 'Les Hortensias' in Marigny-le-Lozon, Manche, experienced a ransomware attack attributed to the cybercriminal group Medusa. The group publicly claimed responsibility for the attack on October 24, 2023, by publishing sensitive stolen data on their darknet site to pressure the facility into paying a ransom. The leaked files included residents' identification documents, medical certificates, and administrative records, exposing highly personal information of vulnerable individuals. Medusa demanded a ransom of €95,000 (approximately $100,000) for the return of the encrypted data and to prevent further disclosure of additional stolen information. The attackers imposed a short deadline for payment, threatening to release all remaining exfiltrated data if their demands were unmet.

The attack did not force the Ehpad to cease operations, allowing continued care for residents despite the security breach. Medusa employed a phishing strategy, infiltrating the network by compromising an employee's credentials through email deception. This incident highlighted the group's evolving tactics, as they have actively expanded their operations over the preceding year. No information was provided regarding whether the ransom was paid or specific technical containment measures taken by the facility. The publication of sensitive documents created immediate privacy risks for residents while demonstrating the attackers' intent to exploit healthcare vulnerabilities for financial gain.
