Many French hospitals have been hit by severe computer attacks which paralyze at least part of their activities each time. To better anticipate cyberattacks, the government has just set up a new program.
A few weeks ago, Clubic wondered if it was possible to better protect our hospitals against cyberattacks. The experts in the cyber sector that we were able to interview were all or almost unanimous in saying that the levers are numerous, of course, but that hospitals today face a cruel lack of means which slows down this famous process of securing. In response to the large-scale attacks suffered by the CHU of Corbeil-Essonnes on August 21 and the CH of Versailles at the beginning of the month, several members of the government gathered around the services mobilized and the main hospital federations, to take new commitments.
A digital white plan, to equip hospitals with the best cyber reflexes and tools
Ministers Darmanin (Interior), Braun (Health) and Barrot (Digital) announced on Wednesday the launch of a cyber incident preparedness program, the very ambitious objective of which is to encourage all health establishments classified as “priority” to carry out new exercises (or simulations) by May 2023.
At the same time, a digital white plan should be drawn up in the first half of the year, to give institutions the tools, reflexes and practices necessary to adopt, in the event of a cyberattack. Behind this white plan, we find the idea of setting up a crisis unit and carrying out an assessment of the impacts on services in particular.
To give the operation more chances, the new plan should make it possible to pool the competent resources of each region, in conjunction with the Regional Health Agencies (ARS). The ministers promise to give a decisive place to the cybersecurity of hospitals and other healthcare establishments, as part of the new 2023-2027 digital health roadmap.
A task force bringing together the competent authorities has just been created to establish, by March 2023, a new massive multi-annual cyber plan project.
The State invites not to pay the ransoms demanded by the hackers
The ministers took the opportunity to recall the state’s position on the management of ransomware. For the government, the practice that must be imposed on public bodies that are victims of an attack is that of non-payment of the ransom demanded by the hackers. The same goes for the filing of a complaint, which must be systematic, since the procedure allows investigations to be carried out and then to succeed. A Russian hacker, who had notably participated in more than a hundred attacks against victims based in France, was recently arrested in Canada.
In 2021, more than 260,000 cyber-related legal proceedings were recorded in France by the internal security forces, 20% more than the previous year. The Thésée platform, which allows you to file complaints online for web scams, has already reached the 75,000 reports mark, even though it has only been active since March.
The government is in the process of taking the measure of cybersecurity and the considerable work it represents. The State has already put more than a billion euros on the table to speed things up, and authorities such as ANSSI contribute to supporting and raising awareness among establishments. Efforts should continue in the coming months.
7