Cyber Incident Victim: Centre Hospitalier Régional Universitaire Brest
Date:
Mar 2023
Location:
France
Summary
A regional university hospital in Brest suffered a cyberattack disrupting all external connections, forcing its information systems into degraded operational mode. Internal servers were compromised, affecting appointment scheduling, medical imaging access, and external result transmissions to partner facilities. The organization isolated its internet systems to contain the attack, rendering its website inaccessible and disabling telemedicine services. While emergency departments maintained operations with no care cancellations, the incident severed digital communications with external healthcare providers and emergency services. Technical teams collaborated with France’s national cybersecurity agency to investigate, with hospital leadership confirming no identified health data breaches or internal data compromises thus far. A criminal complaint was filed following crisis protocol activation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 9, 2023, at approximately 20:30 local time, the Centre Hospitalier Régional Universitaire de Brest (CHRU Brest) experienced a cyberattack that significantly disrupted its operations. The hospital's IT systems were immediately impacted, severing external communications entirely according to hospital management. Internal analysis confirmed that multiple servers had been compromised, prompting the activation of an emergency crisis cell. Technical teams implemented security measures to isolate the hospital’s internet-facing systems from external networks to contain the attack’s spread, resulting in a degraded operational mode for critical IT infrastructure. These containment actions rendered the hospital’s website inaccessible and disabled external-facing applications, including online appointment booking systems, medical imaging consultations, and electronic result transmissions to partner healthcare facilities. Telephone communications via the hospital’s main line remained functional, allowing continued patient coordination. A formal complaint was filed with the Brest police department, and France’s National Agency for the Security of Information Systems (ANSSI) deployed resources to assist forensic recovery efforts.
The attack caused widespread operational constraints, halting telemedicine services such as virtual consultations and remote expert assessments while severing digital connections with external healthcare providers, private medical practices, and emergency medical services (SAMU). Despite these disruptions, CHRU Brest maintained emergency department operations without canceling scheduled treatments. Hospital officials emphasized no evidence indicated unauthorized access to or exfiltration of sensitive patient health records or internal administrative data. The incident revived institutional awareness of cybersecurity vulnerabilities, referencing a prior 2002 IT failure at the same hospital that had necessitated emergency patient diversions. With a service area covering 1.2 million residents and a workforce exceeding 6,500 employees, CHRU Brest’s attack highlighted recurring targeting of French healthcare infrastructure, mirroring incidents at Versailles Hospital (December 2022) and Corbeil-Essonnes’ CHSF (August 2022). While the hospital disclosed no specifics about attack vectors or responsible threat actors, historical parallels to ransomware deployments like LockBit against public hospitals were noted, though French legal prohibitions preclude ransom payments by public institutions.