DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

FR: Mutuelle Nationale des Hospitaliers et des professionnels de la santé et du social (MNH) discloses cyberattack

Posted on February 9, 2021 by Dissent

(translation of statement on their web site):

The MNH has been undergoing a cyber attack since Friday, February 5, 2021 . Computer systems have been disconnected for security reasons.

Our websites (mnh.fr, members’ area, corresponding and elected extranets) as well as our telephone platform (3031) are temporarily unavailable. The processing times for your requests are extended.

Believe that we are well aware of the inconvenience caused. Our teams are working to restore services as quickly as possible.

We are committed to communicating in complete transparency on the evolution of the situation on our website mnh.fr

Gérard Vuidepot, Chairman and Médéric Monestier, Chief Executive Officer

LeMagIT adds some speculation as to how the attackers gained a foothold (translation):

The mutual’s email is protected by Proofpoint, which suggests that the attack did not come that way.  But data from the specialized search engine  Onyphe points to  a Citrix / Netscaler Gateway system that was affected by the CVE-2019-19781 vulnerability, known as  Shitrix, until January 15, 2020.

Such a vulnerability may have been exploited to position a bridgehead that will have been exploited much later.  The example of Dassault Falcon Jet tends to illustrate this, at least if we are to believe the  assertions of the attackers. Last December, they told us they had exploited a system that was still affected by the Shitrix vulnerability at the end of March 2020. But they would not have fully taken advantage of it until around June, three months after having established a head of the bridge.

LeMagIT also notes that polling firm BVA was also hit with ransomware.

h/t, @Chum1ng0

Update:  BleepingComputer reports that the MNH attack was by the RansomExx threat actor(s).

No related posts.

Category: Breach Incidents

Post navigation

← NC: Stolen Chatham county data posted online after cyber incident, includes personnel files, other sensitive documents
University of Colorado responds to Accellion breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.