New commitments to strengthen the cybersecurity of healthcare facilities
Gerald DarmaninMinister of the Interior and Overseas Territories, Francois BraunMinister of Health and Prevention e Jean-Noël BarrotMinister Delegate for Digital Transition and Telecommunications, today organized a working meeting on hospital cybersecurity, with all the departments involved and the main hospital federations.
In recent months, two major cyberattacks have targeted French hospitals: the Corbeil-Essonnes University Hospital (91) on August 21 and CH of Versailles (78) on December 3rd. These attacks have had a significant operational impact on already strained hospital services. In both cases, the white plan for serious health emergencies was triggered and some patients in the most critical states had to be transferred to other hospitals.
The ministers wanted to salute the responsiveness and exceptional commitment of the professionals of these establishments.which guaranteed continuity of care to all patients in the best possible conditions.
This type of attack demonstrates how far we collectively need to step up our efforts, especially as all cyberthreat indicators are on the rise:
- In 2021, approx 260,000 cyber-related lawsuits were registered by the internal security forces (+20% compared to 2020);
- A thousand ransomware attacks were observed in 2021 in the area;
- The Platform of Theseus for the online complaint for Internet scams launched in March has already been received 75,000 reports.
To face these challenges, the guidance and programming law of the Ministry of the Interior and Overseas Territories significantly strengthens resources in this area, with for example the recruitment of 1,500 cyber patrol officers.
As part of the France 2030 cybersecurity acceleration strategy, the government is also mobilizing a one billion euro investment programme. This strategy aims to support the development of a private ecosystem of sovereign and innovative solution providers, which in particular allow to meet the cybersecurity needs of healthcare facilities.
For almost two years, an ambitious IT strengthening plan has been carried out: plant audits conducted by theANSIextensive awareness campaign “All Cyber Vigilant”, release of new funding to improve the security of software and other technical tools, etc. Following the cyber attack that hit the Corbeil-Essonnes CHU this summer, an additional envelope of 20 million euros was released to finance actions aimed at strengthening the level of cyber security in healthcare facilities.
To further strengthen institutions’ preparedness and enable them to cope in the event of attacks, ministers today announce the launch ofan extensive cyber incident preparedness programme. The goal is that by May 2023, 100% of the priority health facilities will have carried out new exercises. In addition, a digital white plan will be drawn up in the first quarter of 2023 to provide structures with the reflexes and practices to adopt if a cyber incident occurs (activation of a crisis unit, impact assessment, in particular). Finally, this new plan intends to pool the competent resources at the level of each region in collaboration with the Regional Health Agencies (ARS).
The ministers reiterated that the new Digital Health Roadmap 2023-2027 it will give a central place to the IT security of the establishments. For this purpose the a task force involving all the competent authorities was born today to build a new massive multi-year cyber plan project by March 2023.
On this occasion, the ministers finally recalled the The state’s constant position of non-payment of ransoms in the event of an attack on public bodies. Ministers also recalled the importance of filing complaints systematically so that investigations can be carried out and successful. Recently, the a pirate Russian in Canada who had participated in more than 115 attacks on French victims has been arrested in Canada.
Office of Mr. Gérald Darmanin
email@example.com – 01 40 07 22 22
Office of Mr. Francois Braun
firstname.lastname@example.org – 01 40 56 60 60
Office of Mr. Jean-Noël Barrot
email@example.com – 01 53 18 43 42