A 20% change in IT security incidents at the level of health facilities in France

According to a recent report, published on 10 July, by the Digital Health Agency, THE ANS, cybersecurity incidents at the health facility level have changed by 20% in the year 2019.

It should be noted that the National Digital Health Agency is the institution responsible for supporting health facilities in the handling of computer security incidents, through a unit specialising in cybersecurity support for health institutions.

This article will also interest you: Hackers promise not to attack health institutions and hospitals

More than 392 incidents were reported in 2019 affecting nearly 300 health facilities. This is a visible change from 2018, which saw 327 incidents compared to 247 establishments.

The report means that 38 incidents in particular have impacted: "pharmacies or non-digital systems have not been treated in particular." It can therefore be remembered that 357 incidents may have dealt with

Approximately 55 establishments reported at least 2 incidents while 7 reported 4 incidents. "The total number of declarations is still low in terms of the number of structures affected by the reporting requirement (over 3,000) and the probability that at least half of the structures concerned had to deal with an incident that had an impact on its normal operation during the year," the Digital Health Agency reports.

The support structure means that the scheme was being deployed more widely to "all health actors including the medico-social sector, and has already been offered to residential facilities for dependent elderly people".

The report means that the vast majority of security incidents have hit health facilities height of 333. 24 concern in particular the Ehpad, 3 medical biology laboratory, 28 for pharmaceutical structures, public health and social health facilities and liberal practices, and 4 for radiotherapy centres. A measure that seems very much the same as in 2018.

At this level the digital health agency notes this: "There is always an under-reporting of incidents by private actors, who have sometimes had to deal with major incide[mais]nts are still reluctant to share information about their management. ».

It should be noted that clinics reported nearly 14% of safety incidents in 2019, 12% of reports to private health facilities. The latter make up 22% of the total health facilities in France, while clinics make up 32 percent.

74% of incident reports, or 3-quarters, were from public health facilities. They actually make up 45% of the establishments, in total.

At the level of the support cell of the National Digital Health Agency, 70 requests for support were made during the year 2019. While in 2018 the figure was only 47. That's 20% evolution. "Support is usually requested in incidents with a significant impact on the structure" especially "the management of viral attacks and the compromise of systems, but the structures also sometimes require the ACSS cell to intervene with providers when they are the cause of the incident (network failure, application malfunction) and are not sufficiently reactive. stresses the ANS.

Physically, let's say that 14 security incidents "were followed up on the part of the information systems security official," a division of the Ministry of Solidarity and Health. In 2006 there were 6 incidents.

11 incidents were handled by the National Information Systems Security Agency compared to 2 in 2018, as part of "assistance to medium-sized structures victims of ransomware. »

8 of the incidents were alerted by the Health Directorate. These alerts "concerned incidents of malicious origin (stopping IS and data loss caused by ransomware) and malfunctions of prescription software that resulted in suspicion of overdose or the production of incorrect prescriptions. explains the National Digital Health Agency. Note that we 2018 we were only three alerts.

Now access an unlimited number of passwords: