Cyber Incident Victim: Villefranche-sur-Saône Hospital
Date: Feb 2021
Location: France
Summary
A hospital center in Villefranche-sur-Saône suffered a major ransomware attack involving the Ryuk crypto-virus, severely impacting operations across its Villefranche, Tarare, and Trévoux sites. The incident disrupted critical systems, prompting emergency coordination with regional health authorities and emergency services to redirect patients requiring urgent care to alternative facilities until services could be restored. The attack caused significant operational paralysis, necessitating external support to maintain essential medical response capabilities during the outage.
Description
On February 15, 2021, the Villefranche-sur-Saône hospital center in France’s Rhône region announced it had suffered a major ransomware attack detected at 4:30 AM local time. The incident involved the Ryuk crypto-virus, a known ransomware strain designed to encrypt systems and demand payment for decryption. The attack severely disrupted operations across three sites operated by the North West Hospital: Villefranche-sur-Saône, Tarare, and Trévoux. Hospital authorities issued a press release confirming the attack’s significant impact on their infrastructure, though they did not specify whether patient data was exfiltrated or if a ransom demand was received. Emergency medical services were immediately affected, forcing the hospital to implement contingency plans. This incident followed a similar attack on Dax Hospital, highlighting a pattern of targeting healthcare facilities in France during the COVID-19 pandemic.

In response to the operational crisis, the hospital coordinated with the Auvergne-Rhône-Alpes Regional Health Agency (ARS), emergency medical services (SAMU), and fire departments to redirect critical patients. Emergency cases requiring treatment at the Villefranche and Tarare sites were systematically transferred to alternative hospitals or private clinics until further notice. The hospital did not publicly disclose technical details about the attack vector, initial access method, or the scope of encrypted systems. No restoration timeline or decryption progress was provided in the initial announcement. The disruption underscored the vulnerability of healthcare infrastructure to cyberattacks with immediate real-world consequences for patient care delivery.
