Computer security: effectively protecting against ransomware, myth or reality for hospitals
It was mentioned several times that hospitals and other health facilities for years are regularly the target of hackers.
Indeed, it is difficult to envisage a month without any such scandal being mentioned in the media. Of course, this is part of a general framework in that hospitals are not the only ones of cybercrime of course. Yet the major challenge facing the authorities at this time of health crisis is the protection of hospitals in the face of this rise in cyber malice.
This article will also interest you: Hospitals and the cybercrime business
The type of computer attacks that hospitals in France are subjected to, for example, and that of ransom seekers. In order to put in place an effective strategy to combat this situation, it is appropriate to consider the fact that it is safe to do so. Are these attacks preventable? Or do they simply highlight the vulnerabilities that affect hospitals' computer systems?
Let's do a little recap on what a ransomware is. It is a computer program classified in the category of malware. It works in a fairly classic way. The goal of publishers of such programs is to prevent computer system users from accessing the content of this system by locking access. This is what the malware does then. But preventing access to the computer system is not enough. Indeed, the software once access is locked requires payment of a ransom in exchange for the decryption key. A key without which computer system owners will be unable to access system content irreversibly. This can result in the loss of huge data of a sensitive nature. Generally, the ransoms demanded are payable in cryptographic currency much more in bitcoin.
The authority responsible for the issue of computer security in France, namely the National Agency for Security of Information Systems, acknowledged in a report published in early February entitled "the state of the ransomware threat against companies and institutions" that the scourge of ransomware is very worrying and taken seriously by the state authorities. It was seen as a problem. As a result, the independent administrative authority continues to increase alerts and advice on good practice and hygiene in digital. Despite this, cyberattacks continue to proliferate. One wonders what is the problem at the hospital level. Why can't they protect themselves? To this question of experts give their views:
"While it is normal for hospitals to be affected, I would say yes, in the sense that the criminal systems currently do not specifically target a company or a person, but are all about opportunities where there are vulnerabilities. So, as soon as they find a gateway into an organization, more or less large, they go in, look at what's going on, extract data and install ransomware in the final stage. Today everything is open on the Internet in one way or another, if only through e-mail, which is potentially secure. The difficulty is whether we are sufficiently secure, prepared for this type of threat, this is not necessarily the case everywhere. explains Eric Fressinet, a gendarmerie officer who specializes in combating cybercrime, who is also head of the National Cyber Threats Unit of the National Gendarmerie.
"I think it makes sense, because hospitals are relatively critical institutions but are not housed in the same way as vital operators — IVOs — such as the energy sector, because they are not nationally dependent. They are not IVOs but hospital groups of territories, for the most part. Hospitals therefore do not have the same criticality for the Information System Security Agency (ANSSI). If I find it logical that these computer attacks affect hospitals is that it represents the state of health of a country in a figurative and literal sense. Hackers say that ransoming hospitals is more interesting, that they will pay more easily than others, given their state of tension and difficulties. For the technical ease aspect to attack them, I also think it makes a lot of sense. I have worked in territorial hospital groups and for me, in these institutions, from a technical point of view, we walk on the head. Philippe Laquet, a network security and architecture engineer with more than 20 years of experience in the IT management of public institutions, namely hospitals.
Now access an unlimited number of passwords:
