In the midst of a health crisis, cyber attacks against French hospitals are on the increase. Hackers do not hesitate to disrupt the functioning of these establishments, however essential. Faced with this situation, the government decided to act and recently unveiled its new strategy.
A new strategy to help hospitals
Recently, the hospitals of Dax (Landes) and Villefranche-sur-Saône (Rhône) have suffered cyber attacks. These have had undesirable repercussions, in particular the deprogramming of surgical procedures and the referral of patients wishing to go to the emergency room. According to an article in the Lyon daily Progress On February 22, 2021, the Minister of Solidarity and Health Olivier Véran and the Secretary of State for Digital Cédric O went to meet the staff of the Villefranche-sur-Saône hospital. On this occasion, the duo presented measures whose objective is to secure computer networks health facilities.
A budget of 350 million euros has been allocated to strengthen security, an amount included in the Health Segur, a major consultation that took place in May 2020 as part of the overhaul of the health sector and in response with significant flaws that the Covid-19 pandemic has revealed. Let us recall in passing that in September 2020, a German hospital deplored the death of a patient who could not undergo an operation following a cyber attack.
What is the government planning?
The State initially plans to carry out audits to support healthcare establishments in their approach to securing. In addition, the deployment of National Health Cyber Surveillance Service in partnership with the Agence du Numérique en Santé (ANS) will be accelerated. The purpose of this device is to preventively seek and detect vulnerable points of the system of information hospitals. Following these investigations, the authorities will issue a report.
Set up in 2020, the national health cybersurveillance service is making progress and prioritizing requests from the country’s 136 Groupements Hospitaliers de Territoires (GHT). By the way, let’s remember that France counts no less than 1,300 public health establishments. There is therefore a long way to go in order to meet the cybersecurity needs of all these establishments.
A conditional and already criticized strategy
State aid will be subject to conditions. Candidate establishments must obligatorily dedicate between 5 and 10% of their IT budget computer security. Let us also mention the integration of an “IT hygiene” module in the courses of health personnel. In addition, 135 hospital groups will have to register on the list of essential service operators (OSE). This status characterizes an entity providing an essential service, while being dependent on computer networks (or information systems). However, the shutdown of these networks and systems could have a significant impact on the functioning of the economy (or society).
However, this new strategy is already receiving several criticisms. Indeed, it is indeed a question of reinforcement, but no real promise has been made concerning the means implemented to resolve the problems that the surveys will identify. However, hospitals have for some time already listed several problems, including the presence of obsolete computer systems. While the number of cyber attacks against these establishments has exploded for several months, there is therefore no guarantee that the situation will improve in the near future.