693 incidents reported by health facilities for two years

[ad_1]

The Asip Santé – which has just been transformed into a digital health agency (ANS) – has transmitted to TICsanté a milestone in the activity of the Health Systems Cybersecurity Support Cell (ACSS), set up in October. 2017 under the responsibility of the official in charge of information systems security (FSSI) of the Ministry, Philippe Loudenot.

As a reminder, since 1 October 2017, health structures are required to relay to regional health agencies (ARS) computer security incidents deemed "serious" and "significant". Asip Health was in charge of providing support for the treatment of incidents, through the ACSS cell, and in connection with the ARS.

Serious information system (IS) security incidents are: events that generate an exceptional situation, including those with potential or actual consequences for the security of care, consequences for the confidentiality or integrity of the information in the information system. health and incidents that affect the normal operation of the institution, organization or service, it is recalled.

The Minister of Solidarities and Health, Agnès Buzyn, has planned to expand the reporting of security incidents to all health actors and set up a national service for cybersurveillance in health in 2020. This reinforced control will be ensured by the ministerial delegation of digital health (DNS) and the ANS.

Thus, since October 1, 2017, 693 incidents have been reported by health facilities on the reporting portal, "about thirty reports per month," said the Health Asip.

"The figure is probably low compared to the reality, there are still victims of cyberattacks who prefer to be quiet for fear of being stigmatized.Although it can happen to everyone, they fear that we seek the 'guilty,' commented Philippe Loudenot at TICsanté.

84% of incidents reported by health facilities

Application bug, malicious e-mail message or cryptovirus malware, "43% of reported incidents have a malicious origin," said the health insider.

In detail, 84% of incident reports come from health facilities (against 88% last May) and 13% of reported incidents have "been the subject of a request for support from the impacted structure ".

"Today, there are only 250 to 300 structures reporting incidents, and we are counting on the cyber security campaign at the hospital to see more declarations," said Philippe Loudenot.

In 50% of the cases (compared to 46% in May), computer problems led the organization to implement a degraded functioning of the patient care system. This was notably the case at the CHU Rouen two weeks ago after the cyber attack that affected his computer system.

Finally, 41% of reported incidents had an impact on personal patient information, a "data unavailability mainly," said the agency.

Beyond the treatment of the reports, the cell ACSS ensures a watch on the news of the information systems and on the threats present on the sector of the health on the site cyberveille-sante.gouv.com, one recalls .

A cybersecurity campaign at the hospital

In general, the problem of computer security is at the heart of hospital news. Agnès Buzyn herself launched an information and awareness campaign on cyber security at the hospital on Thursday, November 28th, during the Ile com France stage of the Tour com France e-health.

Thus, a prevention clip of 47 seconds is available to all health professionals and posters are also available.

(Back to the week) Thursday, @agnesbuzyn launched the first national awareness and information campaign on digital health risks for health care institutions. #health.

One word of order, with @esante_gouv_fr : "All cybervigilants!" pic.twitter.com/bppTMN6T0g

– Ministry of Solidarity and Health (@MinSoliSante) December 1, 2019

"The 3,036 health facilities that are present throughout the territory are far from having the same understanding of digital issues and in a context where the threat continues to grow, we must make each and every structure aware that Cybersecurity is the continuity of care security, "she said.

"You will understand, I expect this campaign that it can mobilize institutions in all their dimensions: management teams, digital experts, health professionals, professionals who perform support functions and also users Because we can never say it enough, cybervigilance must be everyone's business, "said the minister.

"We all have a great ambition for digital health: our collective commitment will be the key to success, cybersecurity will be the key to trust," she concluded.

[ad_2]