Over the past 12 months, several French healthcare establishments have been victims of cyberattacks. This is the case, for example, of the Bourg-en-Bresse hospital in April and that of Versailles at the end of 2022.
According to Anssi, the state security agency, the health sector is the third sector most affected by cyberattacks, after local authorities and VSEs/SMEs. And according to the government, the threat situation is not weakening.
An action plan developed by a group of field experts
To respond to this threat, the executive is setting up a program: CaRE, for Cybersecurity acceleration and resilience of establishments. On December 18, the Ministers of Health and Digital Affairs presented their action plan.
Its objective is to implement measures intended to protect health establishments from the cyber threat. The program’s actions have been the subject of discussions for several months within a “working group bringing together experts in the field.”
According to the ministries concerned, their discussions aimed to construct an “unprecedented action plan to strengthen the cyber security of health establishments and medico-social structures.”
A first call for projects on cyber remediation
CaRE thus aims to accelerate the upgrade of hospital information systems and to sustainably strengthen the resilience of healthcare structures. To achieve this ambition, the program has a budget of 250 million euros until 2025.
By the end of 2027, total investment in cybersecurity in the French health sector will reach 750 million euros. Two goals are pursued: to prevent attacks from succeeding and to allow establishments to recover from them as quickly as possible.
As part of CaRE, a first call for projects worth 60 million euros was launched at the end of December. This envelope will finance so-called cyber remediation plans for health establishments.
These plans are intended to “address vulnerabilities that can be exploited by attackers and thus reduce the risk of intrusion and the distribution of malware in the establishment’s information system.”