French government launches health institutions cyber defense plan
CaRE program will benefit from 250-million-euro public investment over two years.
On December 18, 2023, the French government presented an action plan to “protect health institutions from cyber threats.” Named CaRE (Cybersecurity, acceleration and resilience of institutions), it will be granted 250 million euros in public funds by 2025, and over 750 million by 2027.
According to Aurélien Rousseau, the minister of Health and Prevention (who has since resigned) and Jean-Noël Barrot, the minister delegate in charge of Digital Affairs, CaRE’s goal is to “accelerate the upgrade of hospital computer systems to respond to current threats” and to “sustainably strengthen the resilience of health infrastructure.”
The plan includes four areas:
- building cybersecurity governance in the health sector and strengthening the resilience of health institutions, “by involving national, regional and local players”;
- promoting resource-pooling between institutions and growing computer systems and cybersecurity;
- offering all health and administrative personnel digital and cybersecurity training, raising awareness of regulations and good practice;
- improving health institutions’ operational security (identifying and patching vulnerabilities, detecting threats, defense and remedial planning).
Moreover, Aurélien Rousseau announced a 60-million-euro call for proposals to develop “cyber remedial” plans dedicated to the health sector.