Cyber Incident Victim: Trois Cantons Ambulances
Date:
Dec 2022
Location:
France
Summary
A French ambulance service in Peyrehorade suffered a cyberattack involving a ransom demand, resulting in complete loss of digital records including patient appointments, contact details, and billing data. Operational disruptions forced the organization to rely on printed schedules for immediate needs while urging patients to proactively confirm upcoming appointments by phone due to inaccessible databases. Both primary software systems were compromised, erasing all digitized information and halting financial tracking, prompting engagement with regional health agencies, insurance providers, legal counsel, and accounting specialists. Technicians focused on securing systems as operations temporarily reverted to manual paper-based processes.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 6, 2022, at approximately 5:30 PM, Trois Cantons Ambulances, a medical transport company based in Peyrehorade, France, suffered a cyberattack involving a ransom demand. The attack compromised the company’s digital systems, resulting in the complete loss of patient appointment schedules, contact databases, and billing records. Co-manager Nicolas Huoar confirmed that all files and appointments scheduled beyond December 10 were erased, leaving no accessible data for operations starting December 12. The attackers targeted two critical software systems used by the company, wiping all dematerialized records stored within them. Upon detecting the intrusion, staff immediately printed physical copies of their appointment diary through December 10 to maintain short-term operations. However, the attack left the company unable to verify patient appointments, times, or contact information for subsequent dates. Patients were urged to proactively call the company’s phone number (05 58 73 00 63) to confirm or reschedule appointments. The incident forced the organization to revert entirely to paper-based record-keeping and manual processes by December 7, significantly disrupting service coordination.
The attack caused extensive operational and financial consequences, including the paralysis of billing systems and loss of all patient tracking data. Trois Cantons Ambulances notified the Regional Health Agency (Agence régionale de santé) and the French National Health Insurance Fund (CPAM) about the breach, engaging legal counsel and accountants to address compliance and financial documentation gaps. Technicians worked to secure compromised systems and restore cybersecurity defenses, though no data recovery timeline was provided. The disruption drew comparisons to a 2021 cyberattack on Dax Hospital, highlighting recurring vulnerabilities in regional healthcare infrastructure. Patient care continuity relied on community outreach through professional networks to disseminate alerts about the data loss. The company faced challenges reconciling financial records due to the eradication of billing software data, compounding operational strain. No patient data exfiltration was explicitly confirmed, but the irreversible deletion of critical records underscored the attack’s severity and its impact on medical service reliability.