In 2020, 27 cyber attacks affected French hospitals*, (X 2 in 2021) disrupting critical operations and endangering patients.
In response, the government has launched the CaRE program, aimed at strengthening protection against cyber threats and improving the resilience of healthcare facilities.
With a budget of €250 million by 2025 and €750 million by 2027, this program aims to prevent attacks and enable healthcare establishments to focus on the care they provide.
*Source: Ministry of Solidarity and Health “Information file May 2021”.
The aim of the program is to organize the governance of cybersecurity in the healthcare sector by integrating national (ANSSI, ANS, DGOS), regional (ARS and GRADeS) and local (professionals, establishments, as well as manufacturers) players, in a coordinated and coherent approach, under the leadership of the Délégation au numérique en santé (DNS).
Patrowl, your cyber partner
Patrowl goes beyond compliance with the CaRE Program standards; we focus on support, ease of use and visualization of vulnerabilities:
identification of exposed assets on the internet
personal guidance on compliance with standards (D1.O2)
0 set-up to help you protect yourself as quickly as possible
1-click reporting and retesting of corrections against vulnerabilities
referral to the ANS & ANSSI-approved central purchasing agency (CAIH)
exclusive offer to CaRe programs with Risk Insight functionality
The aim of the CaRe program is to strengthen the cybersecurity of healthcare establishments to ensure continuity of care for patients, by focusing their strategy on four points.
To support this approach, the Ministry of Health has developed cybersecurity crisis exercise kits, adapted to different levels of maturity, to help establishments prepare and respond effectively in the event of an attack.
These tools also include a kit for drawing up business continuity plans (BCP) and disaster recovery plans (DRP), essential for maintaining and restoring services in the event of a crisis.
Implement measures to improve the security of information systems in healthcare establishments and adapt to regulatory changes (NIS2). To address emerging threats, the government is making available a “catalog of cyber offerings” published on the ANS website.
This catalog brings together over 400 solutions proposed and distributed by ANSSI, ANS, GRADeS and central purchasing agencies (CAHPP, CAIH, RESAH). These solutions enable establishments to prevent, control, detect, react and rebuild in the face of cyber threats.
Train healthcare professionals and raise their awareness of cybersecurity issues to better prevent incidents and avoid intentional errors that could lead to security breaches.
The first call for funding (“Domain 1”) of the CaRE program for healthcare establishments aims to strengthen their security by limiting their exposure to the Internet and consolidating the management of technical directories. Recent cyberattacks have revealed that Internet exposure is one of the main points of entry for attackers into healthcare facilities' information systems.
The HospiConnect domain, as part of the CaRE program, helps healthcare establishments deploy secure electronic means of identification for professionals. The aim is to simplify and secure access to sensitive digital services, such as the Dossier Médical Partagé (DMP), using a single identity and reinforced authentication (two-factor).
Deployment is being carried out in three phases:
Phase 1 - ALPHA: Testing with 15 structures.
Phase 2 - BETA: Extension to a larger number of facilities.
Phase 3 - GENERALIZATION: Deployment to all interested facilities.
Selected facilities will receive technical and financial support to implement these systems.
Your questions about the CaRe program :
Active directory
Internet exposure
Crisis management exercises
Cyber risk self-assessment
Digital budget quote calculation
Steering and monitoring objectives for all GHTs
Maintaining service continuity
Increase in exposed attack surface
High remediation and correction costs
Loss of trust and damage to reputation
Risk of regulatory sanctions
