Skip to content
RansomwareOngoing

Leak at Haute-Comté intercommunal hospital centre

On 19 October 2025, the Centre Hospitalier Intercommunal de Haute-Comté in Pontarlier (France) was hit by a Cryptolocker ransomware attack that encrypted part of its data, forcing a full IT shutdown and a return to paper-based care; attackers demanded a 5 million euro ransom.

Victim
Haute-Comté intercommunal hospital centre

On 19 October 2025, the Centre Hospitalier Intercommunal de Haute-Comté — a public hospital serving the Pontarlier area of the Doubs (Bourgogne-Franche-Comté), France — was struck by a ransomware attack. The intrusion began during the night of 18–19 October, around 3 a.m., when a "Cryptolocker"-type ransomware encrypted part of the hospital's IT data.

To contain the spread, management ordered a complete shutdown of the information system. Clinical staff fell back to paper-based working — handwritten prescriptions, fax and manual record-keeping — to keep patient care going, while the hospital set up a freephone line for appointment enquiries and asked the public not to overload its telephone switchboard. The attackers reportedly demanded a ransom of around 5 million euros in bitcoin to restore access to the encrypted systems.

Because the attack centred on encryption of internal systems, the principal impact was operational disruption rather than a confirmed mass exfiltration of records; French authorities (the ANS, ANSSI and the regional health agency ARS Bourgogne-Franche-Comté) were engaged in the response, and a criminal complaint was filed.

  • Hospital IT systems and stored data (encrypted)
  • Patient-facing services (admissions, scheduling, clinical record access) disrupted

The hospital has not paid the ransom and is undertaking a full rebuild of its information system. As of 2026 the situation had stabilised but a return to normal operations was not expected before 2027, leaving the incident ongoing.

Sources

  1. pleinair.nethttps://www.pleinair.net/actualites/item/17199-pontarlier-cyberattaque-le-centre-hospitalier-intercommunal-de-haute-comte-contraint-de-couper-son-systeme-informatique
  2. france3-regions.franceinfo.frhttps://france3-regions.franceinfo.fr/bourgogne-franche-comte/doubs/haut-doubs/cyberattaque-a-l-hopital-de-pontarlier-ne-surchargez-pas-les-lignes-telephoniques-le-systeme-informatique-a-l-arret-complet-3236039.html
  3. france3-regions.franceinfo.frhttps://france3-regions.franceinfo.fr/bourgogne-franche-comte/doubs/haut-doubs/cyberattaque-dans-un-hopital-nous-sommes-revenus-au-papier-au-fax-une-rancon-attendue-pour-debloquer-les-donnees-numeriques-3236537.html
  4. usine-digitale.frhttps://www.usine-digitale.fr/article/une-cyberattaque-touche-l-hopital-de-pontarlier-son-systeme-informatique-a-l-arret.N2239874

Related incidents

RansomwareOngoing

Leak at Résidence du Parc (Champdeniers-Saint-Denis)

In December 2025, the EHPAD Résidence du Parc nursing home in Champdeniers-Saint-Denis (Deux-Sèvres, France), home to around 90 residents, was hit by a ransomware attack that encrypted files and dropped a $5 million ransom note; administrative data and possibly scanned ID documents were exposed.

Victim
Résidence du Parc (Champdeniers-Saint-Denis)
RansomwareContained

Leak at Commune de Lens

In late December 2025, the town hall of Lens (Pas-de-Calais, France) disclosed an intrusion into its information system that paralysed municipal services for about a week, blocking staff software and telephone lines; the attack vector was undisclosed and data theft was not confirmed.

Victim
Commune de Lens