Back with Sandrine Etoa-Andegue on the significant events of the year. And it is those who have experienced them who tell them. Pascal Bellon, the director of the Versailles University Hospital, looks back on the cyberattack that hit the hospital last winter.
December 3, 2022. In the early evening, some computer screens at the Versailles hospital center go black and display this message, “all your important files have been stolen and encrypted. Follow our instructions”. The director of the establishment, Pascal Bellon, warned by telephone, took the immediate decision to shut down the entire computer system to prevent the virus, which started from a simple internal application, from spreading with a risk of data theft. personal.
>> They made the news. Franck Couderc at the head of the Flots Bleus campsite ravaged by the fires of July 2022 in Gironde
About ten days after this intrusion, he declared on franceinfo: “Today, we do not know if data has been exfiltrated, how much and if it will be disseminated in the days or weeks to come. We are preparing for it. We will have to communicate with all of our patients if unfortunately medical data is released.”
“This Saturday, December 3, it’s an earthquake”
A crisis unit is assembled, the white plan triggered, six patients will be transferred and part of the operations planned at the CHU, which has 700 beds and 3,000 staff members, are rescheduled. Pascal Bellon, director of the hospital since 2018, revisits with philosophy and precision, these months of crises during which the teams had to show resilience and inventiveness. He remembers “black screens and numerous printers in the hospital literally spitting out wads of paper with a Lockbit attack type message”.
In the corridors of the hospital, “this Saturday, December 3, it’s an earthquake“. The teams find themselves deprived of an essential work tool in a busy period, “We are at the beginning of December, We are 15 days away from the school holidays. It is a difficult period for our hospitals, for the health system in general. So there, on Sunday morning, we take the bet to say: we don’t no more computers! It’s very brutal. We’ve lost our collective tool, back to paper and pencil and let’s invent organizations on the ground that allow us to meet the needs of the population, but in complete safety.”
In concrete terms, this means – even if part of the patient files were still on paper – that an organization must be redesigned “which is completely dictated by the tool, it is also part of the lessons to be learned”.
Back to basics
The hospital becomes more than ever an anthill “great with staff who set out for the benefit of patients” And “whose legs and arms replace the pipes to carry the results, bring the papers”. Pascal Bellon notes with humor that this return to basics was also “a little revenge of the generation that knew pencil and paper on all our young geeks who found themselves much more in difficulty than our oldest who knew how to do it. The youngest have not known a hospital without an information system . So it’s true that it was difficult.”
“It was difficult for the management team, the information system, but also, we don’t think about it spontaneously for the teams who do the payroll, those who place the orders. For the suppliers too, it’s is difficult because we spent a few months not being able to pay them anymore. We were completely without any information system until the end of March, beginning of April.”
Pascal Bellon, director of the University Hospital of Versaillesat franceinfo
The staff reacted as during the Covid period, that is to say with “resilience and determination”. The most complicated thing to manage for the director of the hospital, who first points out that “if there was a good mobilization, it is because we immediately took it as an act of war, a cyber-attack in a hospital like ours can have extremely serious consequences on patients “it’s here “weariness” because “everything is much longer. It’s not easy because it’s a long-distance race. So we sequenced, we said we’re going to do three-month periods because we know that the total reconstruction of an information system can take a year or 18 months.”
“A monstrous job” of repair
Regarding the schedule, rather than repairing the old computer system affected by the virus, a new tool was built “with an architecture that we call three-tier. To put it simply, when one of the third parties is affected, the other two are safe. So that’s important because it avoids what happened to us. say that an entire information system could be affected by a virus. There was something like never again. So that takes a bit of time. And as we go along, we restore the all the applications, but also the workstations. So, at the beginning of July, we were able to make available to all professionals the 2,500 workstations that we removed, immediately cleaned and put back into service, which represents a monstrous job.”
The goal is a return to normal for the Paris 2024 Olympics, more than a year and a half after the cyberattack. The investigation, entrusted to the Center for the Fight against Digital Crime, which depends on the National Gendarmerie, is still ongoing. The management of the CHU de Versailles refused to pay the ransom demanded by the hackers, but has not found any data leaks to date.