Cyber Incident Victim: Centre Hospitalier de l'Ouest Vosgien
Date:
Oct 2023
Location:
France
Summary
A French hospital group in Vosges experienced a cyberattack affecting its two facilities, prompting immediate containment measures including system confinement and server shutdowns. Operations reverted to paper-based processes, disrupting scheduled consultations and surgeries for multiple days while maintaining inpatient care, chemotherapy treatments, and emergency services at one location. The incident required crisis management activation and alternative phone lines for affiliated care facilities. This follows similar recent attacks on regional healthcare providers, highlighting operational vulnerabilities despite continuity efforts for critical services. Approximately 1,200 staff were impacted across the organization's sites during the disruption.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 7, 2023, the Centre Hospitalier de l'Ouest Vosgien (CHOV) publicly announced it had fallen victim to a cyberattack impacting its two hospital sites in Vittel and Neufchâteau, France. The attack prompted immediate containment measures, with hospital staff isolating and shutting down IT systems to prevent further spread. This confinement of systems forced a rapid operational shift to paper-based processes for all communications and record-keeping. A crisis cell was activated to manage the incident response. Hospital director Dominique Cheveau confirmed the activation of "cyberconfinement" protocols after staff encountered black screens and widespread system failures, indicating a disruptive compromise of core infrastructure. While emergency services at the Neufchâteau site remained fully operational, the hospital suspended all scheduled outpatient consultations and non-urgent surgical procedures until at least Tuesday, October 10. Patients with planned admissions during this period were notified directly. Inpatient care continuity was maintained for existing hospitalized patients, and chemotherapy treatments proceeded unaffected. The hospital established alternative telephone lines to maintain contact with two affiliated EHPADs (elderly care facilities) reliant on its compromised systems.
The cyberattack caused significant service disruptions across CHOV’s 1,200-employee network. Diagnostic and administrative functions reverted entirely to manual paper workflows, creating operational bottlenecks. Scheduled medical activities faced multi-day suspensions, reflecting the depth of reliance on disabled IT systems for patient scheduling, records, and clinical coordination. Despite these challenges, critical services like the Neufchâteau emergency department and cancer therapies continued without interruption, indicating prioritized resource allocation. No data theft or specific attacker motives were disclosed in initial reports. The incident echoed a similar attack targeting Strasbourg’s Saint-Vincent hospital just one month prior, which had disrupted over thirty healthcare facilities, highlighting a recurring threat to French medical infrastructure. CHOV’s response focused on containment and maintaining essential care while assessing restoration timelines, with no immediate public attribution or detailed technical analysis of the attack vector provided.