On August 21, the Center Hospitalier Sud Francilien (CHSF) in Corbeil-Essonnes had patients’ personal information stolen. More recently, at the beginning of December, it was the turn of the Versailles hospital center (CHV), to see its confidential files stolen and encrypted.
Faced with the multiplication of these cyberattacks, the government announced on Wednesday a “vast preparation program” for health establishments. “The objective is that 100% of the highest priority health establishments have carried out new exercises by May 2023”, explain in a joint press release the Ministers of the Interior Gérald Darmanin, of Health François Braun and the Minister Delegate at Digital Jean-Noël Barrot.
State posture: never pay ransoms
“A digital white plan will be drawn up in the first quarter of 2023 to provide establishments with the reflexes and practices to adopt if a cyber incident occurs”, such as the activation of a crisis unit or the assessment of the damage caused by hackers, adds the press release.
This plan should make it possible to “pool competent resources at the level of each region in conjunction with the Regional Health Agencies (ARS)”. A “task force” responsible for building a new massive multi-year cybersecurity plan project by March 2023 has also been created.
In 2021, a thousand ransomware attacks were recorded in France, according to the Ministry of the Interior and around 260,000 cyber-related legal proceedings were opened (+20% compared to 2020). During attacks against public bodies, the “constant posture” of the State is not to pay ransoms, the ministers recall.