The computer security of hospitals and communities “is going to improve,” said Anssi’s new CEO, Vincent Strubel, on Tuesday during the presentation of a cyberthreat panorama in 2022, where these objectives have been strongly affected.
In the second half of the year, hospitals in the Ile-de-France region and departmental and regional councils were targeted by ransomware, causing serious operational problems.
“The finding remains unsatisfactory because it is despicable and unacceptable for a hospital to be paralyzed” with, for example, possible delays in admission to the emergency room, Vincent Strubel responded during a press conference by the French Information Security Agency.
But, according to him, the community and the health sectors have implemented “prevention procedures” with the help of Anssi and, in general, the State, and “the victims attacked two years ago are easier to capture today. This is proof that it really works,” he said.
Tips to prevent attacks
Anssi, the French agency responsible for the security of information systems, publishes recommendations on its site for establishments to protect themselves against cyberattacks.
It advises, in particular, to save your data on a medium not connected to the network, in order to be able to restore it in the event of encryption by a group of cybercriminals.
“It is technical but not only. A hospital director or the head of a community must also mentally prepare to be called to an emergency, on the night of Saturday to Sunday, to isolate certain services. Experience shows that when you react fast, you limit very hard,” she explained.
The great value of health data
Among the 109 ransomware-related attacks handled by Anssi in 2022, about 25 (23%) affected local and regional authorities and about ten (10%) health facilities, and “nothing suggests that there is a specific target of the attackers.” health actors”, analyzes Mathieu Feuillet, deputy director of operations at Anssi.
Especially since these public institutions, which obey strict accounting rules, are among the least likely targets to pay the ransoms demanded by cybercriminals.
However, health data, and in particular “treatment monitoring”, can sell for a high price on the black market and cybercriminal groups “scan” many targets to see who pays, says Vincent Strubel.
Faced with this “opportunistic” threat, Anssi’s basic precaution is to raise her security level enough to appear less vulnerable than her neighbor.
Source: BFM TV
