French health insurance company MNH hit with ransomware attack

French health insurance company Mutuelle Nationale des Hospitaliers (MNH) has experienced a ransomware attack that has disrupted the company’s healthcare operations. 

Ransomware operation, RansomExx, a rebranded version of Defray777 ransomware is behind the attack. Some of the group’s high-profile attacks include Brazil’s government networks, Texas Department of Transportation (TxDOT) and Tyler Technologies.  

The mnh.fr website now displays a notice stating that it has been affected by a cyberattack that started on 5 February. The message by Gérard Vuidepot, chairman and Médéric Monestier, chief executive officer, concludes with: “Our teams are working to restore services as quickly as possible. We are committed to communicating in complete transparency on the evolution of the situation on our website mnh.fr.”

WHY IT MATTERS

MNH is a mutual insurance company in France that provides health insurance services, and plans focused on the health sector. The company’s website is used by members to generate insurance quotes or to manage services and benefits.

Like most ransomware operations, RansomExx works by compromising a network and harvesting unencrypted files for their extortion attacks. After gaining access to an administrator password, they deploy the ransomware on the network and encrypt its devices. RansomExx has also created a Linux version to enable access to all critical servers and data in a targetted organisation, potentially gaining access to confidential health data. 

In a Tor web page ransom note to MNH, RansomExx describes how the group will negotiate with the company, stating that they have encrypted the files using “the most reliable algorithms.”

The group also threatened to create “serious problems to the affected organisation” if the ransom instructions are not followed correctly. 

THE LARGER CONTEXT

In the UK, outsourcing firm behind NHS Test and Trace, Serco confirmed that parts of its infrastructure in mainland Europe had experienced a double extortion ransomware attack from cybercriminals operating the Babuk group.

With criminals taking advantage of the COVID-19 crisis, telehealth programmes and the work-from-home model, HealthcareITNews previously explored the ways to recover from a cyber crisis.  

ON THE RECORD

Eoin Keary, CEO and founder of Irish cybersecurity company Edgescan, said: “End-to-end encryption should be standard, not something people have to opt in to, in my opinion. 

“Consumers who purchase IoT devices such as Ring may not be savvy enough to consider the implications of no end-to-end encryption. Vendors should provide strong security controls when it comes to protection of consumers privacy, and these should be enabled by default.

“Not enabling end-to-end encryption in relation to physical security devices such as Ring may lead to unauthorised monitoring of consumers’ home and turn into a physical security risk.”

Source: Read Full Article