Cyber Incident Victim: Dedalus
Date:
Dec 2020
Location:
France
Summary
A healthcare IT publisher experienced a cyberattack targeting its French operations, leading to immediate system shutdowns and isolation of the affected site alongside network disconnections. The company notified customers and initiated technical investigations to assess the incident before restoring services, asserting no data exfiltration occurred and confirming no ransom payment would be made due to successful containment measures.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 2, 2020, Dedalus, a publisher specializing in hospital information technology, experienced a cyber attack targeting its Mérignac site in France. The company detected the incident on the same day and initiated immediate containment measures. All systems at the affected site were shut down to halt further intrusion. Network and internet access to the Mérignac location were severed to isolate the compromised environment from Dedalus’ broader infrastructure. By December 3, Dedalus France’s Deputy Managing Director Didier Neyrat confirmed the attack to industry publication TICsanté and disclosed that customers had been formally notified that morning. Technical teams prioritized forensic analysis to determine the attack’s origin, methodology, and scope before restoring operations.
Dedalus maintained there was no evidence of data exfiltration during the incident, as stated by Neyrat on December 3. The company asserted it successfully blocked the attack before any ransom demands could be issued, precluding payment negotiations. A press notice dated December 4 was subsequently published on Dedalus’ official website, though its contents were not detailed in available reporting. The primary operational impact stemmed from the proactive shutdown of systems at the Mérignac facility, which disrupted normal business functions until forensic reviews concluded and access could be safely restored. No secondary impacts on healthcare providers or patient data were disclosed in initial communications.