Cyberattacks have a favourable eye on hospitals.
Over the past while, we have seen an increase in computer attacks targeting health facilities. With the health crisis things unfortunately get worse. The interest of hackers in the hospital sector is due to a glaring lack of resources. Whether it is in terms of skills, labour or financial means, in one way or another, the cyber security of hospitals is being set in motion.
This article will also interest you: Computer attack on a hospital: where exactly the flaw comes from
Faced with this situation, the government decided to take this matter to heart, especially by investing as much as possible in strengthening the security of the information systems of health institutions.
In one of these recent speeches, French President Emmanuel Macron detailed "the dramatic consequences that these attacks can have on medical facilities whose sensitivity is clear, and moreover in a pandemic context." He then announced the restoration of the Permanent Observatory for Better Control of cybersecurity of these establishments.
This approach is necessary and timely. Indeed, the computer security of hospitals is not homogeneous. Establishment on putting in its way content with its means and priorities. That is why the Minister responsible for health and the Secretary of State for Digital Affairs highlighted the deployment of the "National Health Cyber Surveillance Service" by the National Information Systems Security Agency in collaboration with the Digital Health Agency.
It is a service that is in a phase of "progressive ramp-up" of the Digital Health Agency of the ANS. It will be responsible for mapping the attack surfaces of computer systems, allowing here to determine potential security vulnerabilities and possible data leaks. This "Cyber Health Watch" organization will be built to make them more effective so that it can be used to help against computer attacks.
In continuity, 135 hospital groups will join the category of essential service operators. This will bring some obligation in the way of organizing and controlling computer systems as well as the implementation of certain means to enable good digital hygiene practices. Everything will be done to ensure that cyber security awareness is "integrated into all health actor training courses in order to strengthen digital hygiene practices, in a context of strengthening the convergence and interoperability of information systems" as stated by the Secretary of State for Digital Affairs, Mr. Cédric O.
"Digital services are vital to the functioning of hospitals, like communities, which are in the eyes of the attackers most able to pay the ransom demanded. Thus, these institutions are not attacked on the grounds that criminals would like to target the health system per se, but because they want to do ROI," explains Romain Lecuvre, a patriarch and co-founder of the French company specializing in bug bounty hunting, YesWeHack.
According to Jacques de La Rivière, the boss of the French Company Gatewatcher: "The attackers did not understand that there is not as much cash in French hospitals as in American clinics, and that they are not allowed to pay the ransom. Nevertheless, the hospital sector remains very attractive for cyber criminals, mainly because of its lack of security due to lack of resources. ».
As mentioned above, one of the main reasons for this lack is the blatant lack. "We now have the cyber recovery plan where public-private cooperation is announced to address these security issues," noted Romain Lecuvre. For his part, Karl Rigal points out: "From the vulnerability reviews to the implementation of slopes, by moving to the configuration of security, forensic and governance policies, the private sector can accompany these structures which are often neither equipped nor sensitized internally to these issues. ».
"At some point, you'll have to go over the size of the teams. It is already surprising that hospital IT teams are able to do what they do with so few resources." Christophe Corne, For the head of Systancia.
Now access an unlimited number of passwords: