In early March 2023, the Brest hospital was the victim of a major cyberattack, leaving its information system non-functional. The large number of cyberattacks on hospitals highlights the issue of securing healthcare data, as this information is highly prized by cybercriminals. In 2021, the French Agence du Numérique en Santé (ANS) reported 730 incidents in the healthcare sector, almost double the number reported the previous year (369 in 2020). However, solutions do exist to protect sensitive data, such as Parsec, used by the Nègrepelisse hospital and certified by the French National Agency for Information Systems Security (ANSSI).
Hospitals are easy, lucrative prey
The hacking of the Brest hospital is just one in a long list of cyberattacks. The Bourg-en-Bresse hospital was also the victim of a cyber attack on the night of April 10-11, 2023. These highly sensitive entities should be subject to extensive IT security. This raises the question of whether their security is up to the threat. For a long time, hospitals were thought to be sacred places, safe from any malicious attack. Today, however, there is no such thing.
Cyber attacks on hospitals are widespread. Personal health data, which is sensitive information, attracts a great deal of interest and is becoming lucrative on the Dark Web. Blackmail to distribute patients' personal files, as happened at the Vitry-Le-François and Corbeil-Essonnes hospitals, is a wake-up call. In a globalized digital world, protection is vital.
It's important to point out that French hospitals lack the resources to combat increasingly sophisticated and devastating cyber-attacks. Given the day-to-day problems faced by public hospitals (understaffing, lack of beds, etc.), cybersecurity issues relating to sensitive data are all too often neglected.
The controversy surrounding the Health Data Hub
The context is even more complicated when it comes to health data sharing. The controversy that followed the creation of the Health Data Hub highlights the limits of government initiatives. The Health Data Hub aggregates data from the National Data System to enable "easy, unified, transparent and secure access to healthcare data to improve the quality of care and support for patients".
On the other hand, the data is hosted by Microsoft, a company subject to U.S. law and thus to the Cloud Act, which authorizes the U.S. government to seize any data hosted by a company headquartered on U.S. territory. And while there is talk of migrating data to a sovereign solution, whether French or European, this is not expected to happen before 2025...
The innovative Parsec solution for protecting sensitive data: the case of Nègrepelisse hospital
The case of Nègrepelisse's Turenne Hospital, which has been using the Parsec solution since January 2023, shows just how useful it is to use a tool dedicated to the protection of sensitive data and certified by ANSSI. "As part of the management of the hospital group's Common Admissions Commission, we needed an IT tool to coordinate the management of files across several sites," says Sonia Perez, social worker at Nègrepelisse hospital.
The use of Parsec, an innovative, collaborative solution for the cybersecurity of sensitive data, meets the needs of the healthcare establishment in every respect, offering a high level of security and ergonomics: " The coordination of actions between the players on the committee has been optimized. We've noticed a regularity and fluidity in exchanges. The software's ergonomics also encourage satisfactory staff involvement in the process of managing sensitive documents by the Groupe Hospitalier's Common Admissions Commission. The software has enabled us to better structure our actions, and to achieve a good match between resources and results," adds Sonia Perez.
Thanks to Parsec, file management at several sites is carried out on our secure French platform, guaranteeing data security and sovereignty. French healthcare establishments must progressively adopt sovereign, high-quality solutions to guarantee their confidentiality.