Computer security: when patients are put at risk for computer incidents
According to a figure provided by the Digital Health Agency, we learn that 34 patient-endangered situations have been identified because of computer security incidents, and this only in the year 2020.
A total of 9 percent of computer security incidents were the sources of patient risk as described by CERT Health. This out of a total of 369 reports.
Of the 34 endangered, two were qualified as proven. For the other 32, there is more talk of potential endangerment. "Mainly incidents related to the loss of telecom links (especially for Samu), or total unavailability of the information system (SI). described in the CERT Health report.
This article will also interest you: Medical data: Several hundred French patients see them given data on the Dark Web
The time that in 2019 19 percent of computer security incidents had been categorized as potentially endangering patients.
The 369 incidents that were reported during the year 2020 the water was through 290 facilities including 250 health facilities.
In terms of the majority of reports, namely 301, they come from health facilities. 31 reports come from shelters for dependent elderly people. For radiotherapy centres, there were 4 reports of computer security incidents. The rest comes from a medical biology lab.
For 30 specific reports, they include "primarily statements made by liberal firms and public institutions in the medico-social sector," the report says. "In 2020 as in 2019, the Ehpads represent a growing share of the declarations received," it reads.
It was observed that the CERt Health accompanied 90 accurately reporting. This makes a total of 20 reports higher than in 2020. For technical support, the public body had to intervene nearly 32 times either for remediation or for an investigation. This situation has not been observed in 2019.
With respect to CERT Health's areas of intervention, the organization has acted in:
– 40% of cases for malware incidents
– 28% was for compromised computer systems
– 27% for malicious emails.
Overall, 7 security incidents were "followed up with the IS Security Officer (ISSF) of the social ministries. They came from 5 public health facilities, including 2 essential service operators (ESOs). The report notes.
For its part, the National Information Systems Security Agency has responded to nearly 14 security incidents. Among these incidents 10 years were reported by public health facilities comprising 10 operators of essential services and two residential facilities for the elderly
On the side of the National Agency for the Safety of Medicines and Health Products, there were 4 officially reported incidents. The same is true for the Health Directorate, precisely when these incidents have had an impact on the health of patients.
"In 2020, as in 2019, almost half of the reports (162) are resolved by the structure before they are reported," notes the ANS. "On the other hand, the share of these resolved reports decreases in 2020, particularly in favour of reported 'under investigation' incidents," the share of which "increases by about 6% each year, reaching 27% in 2020," the administrative authority added. In addition, "21 structures did not provide further information as a result of their declaration, despite a request for further information and/or a proposal for support."
"In view of its hospital activity (4.41% of national activity is almost four times less than the Ile-de-France region), the Burgundy-Franche-Comté region is leading the way in terms of incident recovery," the CERT report states. "The Central-Val de Loire and Provence-Alpes-Côte d'Azur (Paca) regions report few incidents in relation to the number of hospitals located in their health territories," the report says.
In addition, the Digital Health Agency reminds us that reports related to computer security incidents were mandatory. "Especially in areas where the number of reports reported to hospital activity is low."
Now access an unlimited number of passwords: