
Cyber Incident Victim: Centre Hospitalier de Bourg en Bresse

Date: Apr 2023

Location: France

Summary

The Centre Hospitalier de Bourg en Bresse experienced a cyber intrusion targeting its information systems, prompting immediate isolation measures to protect data and partners. While healthcare operations, including consultations, maternity, surgery, and emergency services, remained functional, the attack disrupted medical imaging access and internal email communications, necessitating temporary emergency department protocols to prioritize critical cases and redirect non-urgent patients. A specialized firm is conducting forensic investigations with national cybersecurity authorities to restore normal operations, though no ransom demand was identified. The hospital emphasized continuity of care through telephone communications after deactivating email systems across its network of facilities.

CIA Posture: Available to members
Motives: 1 motive
Tactics, Techniques & Procedures: 2 techniques
Threat Actors: 0 actors
Type: Available to members
Location: Available to members

Description

On the night of April 10-11, 2023, the Centre Hospitalier de Bourg en Bresse, the primary healthcare facility in France's Ain department, experienced a cybersecurity intrusion into its information systems. The hospital's IT team detected abnormal network activity during overnight monitoring, prompting immediate containment measures. Management isolated the compromised systems to prevent further unauthorized access and protect sensitive data, initiating a crisis protocol developed through prior preparedness training. The Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI), France's national cybersecurity agency, was notified of the incident. By April 13, the attack continued to disrupt internal email communications across all facilities under the hospital's joint directorate, necessitating the complete deactivation of email accounts. A specialized cybersecurity firm was engaged on April 11 to conduct forensic analysis, assess damage to the information systems, and develop a recovery plan, though no definitive timeline for full restoration was established.


The cyberattack caused operational disruptions primarily affecting medical imaging systems and emergency department workflows. While core medical services including consultations, maternity care, surgical operations, and emergency medicine remained functional, limited access to imaging examinations required implementation of enhanced patient triage protocols. The emergency department activated a 24-hour patient diversion system to redirect non-critical patients presenting without vital distress or immediate need for emergency physician consultation. This protocol, previously used only during overnight hours, was extended to manage patient volume during the crisis. Patients referred through the SAMU-Centre 15 emergency response system continued receiving full emergency care. Communication challenges emerged across the hospital network, with all six affiliated facilities (including hospitals in Hauteville, Pont de Vaux, Meximieux, and three EHPAD nursing homes) relying exclusively on telephone and fax communications. Hospital administration confirmed no ransom demands were made following the intrusion, contrasting with frequent targeting of healthcare institutions. The facility's prior cybersecurity preparedness, including a training exercise conducted two weeks before the attack, facilitated rapid implementation of contingency plans to maintain healthcare delivery during system restoration efforts.
