Philippe Loudenot takes stock of IT vulnerabilities in healthcare facilities
The vulnerabilities show that cybersecurity "is not a matter of CIO (management of information systems), it is a matter of governance," said Philippe Loudenot.
They mainly come from:
- obsolete or non-compliant software or systems
- a lack of visibility or the absence of inventory of the various information systems (IS) of the establishment
- insufficient checks of peripheral systems
- lack of interoperability
- unsecured communication protocols
- complexities due to too diffuse responsibilities.
Philippe Loudenot notably cited the case of a healthcare establishment hacked through its boiler room management system, which shows that "everything is interconnected".
Cybersecurity is "not an end in itself, it must be at the service of the trades", he insisted. Doctors are able to bypass security solutions if they have too many barriers and "you have to work with them".
He also stressed the need to report incidents, which has been mandatory since October 1, 2017.
"The Rouen CHU was quickly set up thanks to the feedback of information to the cybersecurity support unit for health structures (ACSS) of the digital health agency (ANS, formerly Asip Santé) and then to the National Agency for Information Systems Security (Anssi)", he said.
As a reminder, the Rouen CHU was hit by ransomware on November 15, 2019, and operated "in degraded mode" for several weeks.
"The feedback provides a service to the community," said the FSSI.
"There is no need to be ashamed, there is no value judgment or stigmatization" of the hacked establishments, he insisted. "Everyone gets hacked, even the Elysée, Matignon and big companies."
Finally, the FSSI pointed out that two offers for strengthening IS are available to healthcare establishments.
The ANS offers an audit of the establishments' online exposure. "We find passwords, patient records … from a few keywords on the Internet. The audit provides the means to remedy them."
Even today, some establishments are "colanders" with IS "directly connected to the Internet, without protection", he noted.
For its part, Anssi offers an "analysis of the spine" of the IS.
The ANS has identified 693 incidents declared by health structures since the implementation of the new reporting system, it told TICsanté in December 2019.