2023: the year of cybersecurity in healthcare?

Agnès Buzyn, Minister of Solidarity and Health from 2017 to 2020, declared at the time that the security of health information systems was becoming a « national priority » and the « Ma Santé 2022 » law placed cybersecurity among the fundamentals of the digital health roadmap.

And then there were Villefranche-sur-Saône, Dax, Oloron-Sainte-Marie, Albertville, Arles, Castelluccio, Saint-Dizier, Vitry-le-François, Mâcon, Paris, Corbeil-Essonnes, Versailles… And so many other establishments, both public and private, disorganized, traumatized, « on their knees », taking months or years to recover from this painful experience.

The State takes the lead

In February 2021, Emmanuel Macron took up the subject by announcing a series of measures: the creation of the permanent observatory of IS security in healthcare institutions (Opssies), the integration of cybersecurity educational modules in the training of all healthcare professionals, and the injection of 350 million euros from the “Ségur” of health to increase the level of security of hospitals, 135 of which are appointed as operators of essential services (OSE). For its part, Anssi is supporting the main hospitals to the tune of 25 million euros, with a program of audits and associated investments.

In December 2022, Ministers Gérald Darmanin (Interior), François Braun (Health) and Jean-Noël Barrot (Delegate for Digital Affairs), announced the launch of a « vast program to prepare healthcare establishments for cyber-attacks, with the goal that 100% of the highest priority establishments will have carried out new exercises by May 2023. » A ministerial task force is responsible for building a new massive multi-year cyber plan by March 2023. All the players in the chain (ministries, the DGOS, ANS, CERT Santé, the ARS, the GRADES, departments, IT departments, CISOs, etc.) are going to be put in motion behind a governance and steering model that is expected to be simple, clear, and effective.

Critical health information systems

The forces are organizing. The response must now be rapid, massive, and aligned with strategic and political public health issues. But also on the objectives of credibility and capacity to support the evolution of our health system. For the past 20 years, the healthcare system has been modernizing, undergoing a « digital revolution », and structuring all its medical and administrative processes around hardware and software solutions that require high availability, an often critical level of integrity, and legitimate and regulated confidentiality needs.

The robustness and resilience of health information systems, beyond the walls of hospitals, across all the chains supporting health and medico-social activities, is one of the foundations for the support of health professionals and patients.

The crucial role of CISOs

Healthcare CISOs have been preparing for ten years and they are ready. These professionals are going to be the indispensable army in the field. They will have to continue to explain, convince, measure, control, and drive technical projects with the IT departments and business reflections on resilience and crisis management. Two crucial points in the security roadmap will be aligning with the institution’s overall digital strategy and taking into account user requirements in terms of ergonomics, fluidity and security.

In addition, CISOs will have to be integrated into all funding plans and thus benefit from the resources planned by a worried government, which is now well aware of cybercriminal practices and the consequences on an already weakened healthcare system. Hospitals will have to devote a growing and substantial budget to cybersecurity, both in terms of « catching up » and in terms of supporting the many digital transitions required for a modern healthcare system.

The progressive movement towards cloud services, the challenges of sharing healthcare data, the promises of artificial intelligence and medical big data, the inclusion of patients at the center of their healthcare pathway via specialized applications, are all topics that place cybersecurity at the heart of the game, today and tomorrow!