Cyber Incident Victim: Institut de Formation Santé de l'Ouest
Date: Mar 2021
Location: France
Summary
A ransomware group infiltrated the Institut de formation Santé de l'Ouest, exfiltrating hundreds of internal documents containing sensitive employee information and patient records from EHPAD facilities, including psychological evaluations, health data, and incident reports. The attackers publicly leaked four compressed data containers on the dark web as part of extortion efforts, though the institution did not comply with ransom demands, resulting in permanent loss of the stolen healthcare information.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Institut de formation Santé de l'Ouest, a healthcare training institute in France, experienced a ransomware attack beginning on March 25, 2021. Cybercriminals infiltrated the organization's systems over several days before publicly threatening to release stolen data. The attackers exfiltrated hundreds of internal documents containing sensitive health information, which they subsequently published on dark web platforms as leverage for extortion. Four compressed file containers were made available online by the threat actors, demonstrating their access to the institute's systems and intent to pressure the organization into paying ransom demands. The compromised data included confidential records pertaining to both employees and patients, with particular focus on individuals associated with EHPAD care facilities for the elderly.

Patient records exposed in the breach contained psychological evaluations, medical histories, and reports of incidents occurring within care facilities. The attackers employed standard ransomware group tactics by simultaneously encrypting systems and stealing sensitive data to maximize pressure on the victim organization. Analysis of the attack timeline suggests the initial compromise occurred on March 25, with data exfiltration and system infiltration continuing until the threat actors published their ultimatum. Healthcare institutions in France generally maintain policies against paying ransoms due to constrained budgets and ethical considerations, resulting in permanent loss of the stolen data according to standard practice. The incident exemplified broader targeting of healthcare entities by cybercriminals despite the sector's limited financial resources, with patient privacy and institutional operations suffering primary impacts from the unauthorized disclosure of medical records.
