Health & cybersecurity

CaRE program

Protecting healthcare establishments (3rd most affected sector) and patients from cyberattacks: Cybersecurity, Acceleration and Resilience of Establishments through French e-health.

Demander une démo

What is the CaRe program?

In 2020, 27 cyber attacks affected French hospitals*, (X 2 in 2021) disrupting critical operations and endangering patients.

In response, the government has launched the CaRE program, aimed at strengthening protection against cyber threats and improving the resilience of healthcare facilities.

With a budget of €250 million by 2025 and €750 million by 2027, this program aims to prevent attacks and enable healthcare establishments to focus on the care they provide.

*Source: Ministry of Solidarity and Health “Information file May 2021”.

Who can benefit from the CaRe program?

The aim of the program is to organize the governance of cybersecurity in the healthcare sector by integrating national (ANSSI, ANS, DGOS), regional (ARS and GRADeS) and local (professionals, establishments, as well as manufacturers) players, in a coordinated and coherent approach, under the leadership of the Délégation au numérique en santé (DNS).

Territorial hospital groups (GHT)

Public-sector establishments (excluding GHTs)

Private establishments

Patrowl, your cyber partner

Solution for the CaRE program

Patrowl goes beyond compliance with the CaRE Program standards; we focus on support, ease of use and visualization of vulnerabilities:

  • identification of exposed assets on the internet

  • personal guidance on compliance with standards (D1.O2)

  • 0 set-up to help you protect yourself as quickly as possible

  • 1-click reporting and retesting of corrections against vulnerabilities

  • referral to the ANS & ANSSI-approved central purchasing agency (CAIH)

  • exclusive offer to CaRe programs with Risk Insight functionality

4 strategic axes of the CaRE program :

The aim of the CaRe program is to strengthen the cybersecurity of healthcare establishments to ensure continuity of care for patients, by focusing their strategy on four points.

Governance and resilience

To support this approach, the Ministry of Health has developed cybersecurity crisis exercise kits, adapted to different levels of maturity, to help establishments prepare and respond effectively in the event of an attack.

These tools also include a kit for drawing up business continuity plans (BCP) and disaster recovery plans (DRP), essential for maintaining and restoring services in the event of a crisis.

Resources and pooling

Implement measures to improve the security of information systems in healthcare establishments and adapt to regulatory changes (NIS2). To address emerging threats, the government is making available a “catalog of cyber offerings” published on the ANS website.

This catalog brings together over 400 solutions proposed and distributed by ANSSI, ANS, GRADeS and central purchasing agencies (CAHPP, CAIH, RESAH). These solutions enable establishments to prevent, control, detect, react and rebuild in the face of cyber threats.

Sensibilisation

Train healthcare professionals and raise their awareness of cybersecurity issues to better prevent incidents and avoid intentional errors that could lead to security breaches.

Sécurité opérationnelle

The first call for funding (“Domain 1”) of the CaRE program for healthcare establishments aims to strengthen their security by limiting their exposure to the Internet and consolidating the management of technical directories. Recent cyberattacks have revealed that Internet exposure is one of the main points of entry for attackers into healthcare facilities' information systems.

The HospiConnect domain, as part of the CaRE program, helps healthcare establishments deploy secure electronic means of identification for professionals. The aim is to simplify and secure access to sensitive digital services, such as the Dossier Médical Partagé (DMP), using a single identity and reinforced authentication (two-factor).

Deployment is being carried out in three phases:

  • Phase 1 - ALPHA: Testing with 15 structures.

  • Phase 2 - BETA: Extension to a larger number of facilities.

  • Phase 3 - GENERALIZATION: Deployment to all interested facilities.

Selected facilities will receive technical and financial support to implement these systems.

Your questions about the CaRe program :

6 topics to master and prioritize before 2024

  • Active directory

  • Internet exposure

  • Crisis management exercises

  • Cyber risk self-assessment

  • Digital budget quote calculation

  • Steering and monitoring objectives for all GHTs

What are the challenges facing healthcare establishments in the face of cyber attacks?

  • Maintaining service continuity

  • Increase in exposed attack surface

  • High remediation and correction costs

  • Loss of trust and damage to reputation

  • Risk of regulatory sanctions

Our latest news

See more news