Health
Strengthening cybersecurity in the healthcare sector: protecting patients, sensitive data and critical information systems.
1. Securing your healthcare information system: risk management and IT security policy. Map your IS (servers, applications, IT systems), secure the infrastructure, and implement a security policy aligned with the GDPR, ANSSI, and CNIL.
2. IT security audits and vulnerability analysis for healthcare facilities. Benefit from customized technical audits (penetration testing, configuration, Active Directory, backups, OT, web/mobile penetration testing) to identify security flaws and vulnerabilities in your healthcare IS, in compliance with PASSI and ISO standards.
3. Encryption, cryptography, and protection of confidential healthcare data: Protect patient data and critical information systems with encryption, cryptography, and access policy solutions tailored to HDS and ISO 27001 requirements.
4. Cyberattack detection, security incident management, and cybercrime response (healthcare SOC): Continuously detect cyberattacks, manage IT security incidents, and benefit from expert response via a managed healthcare SOC, ANS compliance, and dedicated industry tools.
5. Authentication, access management, and secure password policy: Control internal/external access, secure passwords, and authenticate each user to mitigate the risks of incidents, malicious access, or targeted attacks.
6. User awareness and cybersecurity training for all staff in healthcare: Raise awareness among physicians, management, interns, biomedical engineers, and partners through campaigns, quick reference guides, information security reporting, advice, and communication tailored to the professional culture to limit the attack surface.
7. Regulatory compliance, standards audits, and healthcare-aligned security reporting: Comply with regulations (CNIL, GDPR, HDS, PGSSI-S, NIS2, LPM, ISO/PASSI standards), benefit from on-demand IT security audits, and access reporting adapted to medical management or the executive committee.
8. Healthcare network architecture and segmentation, and IT security solutions: Adopt hardened architectures, network segmentation (IT/biomedical/OT), advanced firewalls, and information security governance solutions adapted to the hospital or laboratory context.
9. Securing connected systems and connected healthcare devices (OT/IoT/SCADA): Deploy system security measures, OT monitoring, multi-site management, and robust IT security policies to protect medical devices, operating rooms, imaging, and automated healthcare systems.
10. IT risk reduction and business continuity/disaster recovery plans for the healthcare chain: Ensure continuity of care despite incidents: application-based business continuity/disaster recovery plans, backups, incident reporting, and direct tools for IT/CIO departments and hospital teams.
Cybersecurity and health: protecting what heals
The health sector faces increasing, targeted threats with major impacts: interruption of care, theft of medical data, disabling of vital devices, legal or reputational pressure… Whether it is a hospital, a laboratory, a biotech company or an e-health player, cybersecurity is no longer an option but a strategic component of continuity of patient care.
Ensuring the availability of medical systems
Operating room, prescription, DMP, professional tools
Protecting health data
GDPR, HDS hosting, MSSanté exchange
Responding to targeted cyberattacks
Ransomware, double extortion: SOC, EDR, application business continuity plans (BCP)
Comply with sector-specific obligations
CNIL, ANS, HDS certification, PGSSI-S framework
Dealing with structures under tension
Lack of information security resources, heterogeneity of information systems or IT practices
Managing the co-activity of IT / biomedical / service providers
Critical areas, contractors, healthcare providers
What this program allows you to manage
Strategy & Governance
Proposed actions
Assistance in formalizing a healthcare information systems security policy, prioritized information systems security dashboard, healthcare executive committee
Business value
Clarifies governance and makes security priorities visible
Risks & Compliance
Proposed actions
Critical IT mapping, HDS compliance analysis, GDPR DMP/DPI program
Business value
Aligns security and regulatory requirements without excessive paperwork
Architecture & SecOps
Proposed actions
Review of data flows between IT systems / biomedical systems / the Internet, hardening of healthcare cloud infrastructure (AWS, GCP, Azure HDS)
Business value
Ensures the consistency of interconnections within a controlled framework
Cyber Defense Operations
Proposed actions
24/7 health SOC, detection of medical/administrative/OT system anomalies
Business value
Protects continuous, uninterrupted care operations
Incident & Crisis
Proposed actions
Hospital incident management procedures, response with the Health CERT / ANS
Business value
Reduces blocking time, improves inter-team escalation
Resilience
Proposed actions
Crisis scenarios (IT system failure, loss of access to DMP, encrypted NAS), application disaster recovery plan
Business value
Maintains the chain of care, communicates effectively with practitioners
Cyber culture
Proposed actions
Awareness-raising for doctors, administrators, interns, biomedical professionals, and governance professionals
For whom?
Hospitals, clinics, public or private hospital groups
Laboratories, CMEL, biotech, research centers
Startups and publishers in e-health or healthcare platforms
Structures relying on HDS-certified or managed IT systems
Health program content
Initial assessment & scoping
- Mapping of critical IT systems / business applications
- IT system exposure measurement (RDP, OT, external applications)
- PGSSI-S alignment, CNIL and internal security policies
Premium services
Managed Health SOC
Specific detection using health tools (PMSI, DPI, prescription, SCAD, imaging)
Health Compliance Audit
DCP mapping, GDPR, HDS plan, patient risk analysis
Health resilience
Clinical DRP/BCP plans related to care units
Healthcare executive committee (COMEX) information security facilitation
Security reporting that is readable by medical management / CEO
Awareness-raising by profession
Targeted campaigns (doctors, management, logistics staff)
Health crisis management
Procedures, simulator, inter-institutional exercise
- Maintaining continuity of care even in the event of a computer incident
- Achieving HDS/CNIL/ANS compliance without undue complexity
- Enabling the IT department and medical management to speak a common cyber language
- Realistic, well-equipped management grounded in the functional needs of care
- Effectively protecting patient data throughout the entire care pathway
Security as an extension of the care chain
Use Cases
Situation encountered
- Partial or heterogeneous tooling
- Unclear incident management
- Imposed regulations
- Awareness-raising poorly suited to the care context
- Management not very involved
Our contribution
- Security consolidation within a compatible business framework
- Inter-team quick reference guides that can be activated immediately
- Practical adoption of the requirements by the relevant departments
- Short, targeted formats, delivered with a pedagogical approach
- Customized reporting for CRUQ, COPIL, COMEX or CME
Practical details
Duration
6 to 12 months depending on scope (IT systems, establishments, tools)
Delivery method
In-house or in support of the healthcare CISO/CIO
Areas covered
HDS, Cloud Healthcare, DPI/DMP, Sector-specific M365, Windows/Active Directory
Dedicated support system
Intrinsec, holder of the RESAH contract (no. 2023-R035, lot 3) in a group with Amossys and Advens, offers a complete range of security and compliance audits for health and social care establishments[1].
Customized technical audits
Penetration testing, security audits (IT architecture, configuration, Active Directory, backup, OT), web/mobile pentests, source code audits, Red and Purple Team.
Vulnerability identification
Detection of exploitable vulnerabilities in systems, software and hardware.
Evaluation of existing security measures
Verification of the effectiveness of policies, procedures and controls, identification of gaps.
Compliance analysis
Verification of compliance with regulations (GDPR) and security standards (ISO 27001, NIST, etc.).
Attack resistance test
Simulation of cyberattacks to assess defense capabilities.
Risk reduction
Corrective recommendations to address the shortcomings and mitigate the risks.
Awareness and recommendations
Concrete recommendations and awareness of good cybersecurity practices.
Available exclusively to RESAH members via the dedicated buyer area
The advantages of the offer
Turnkey solutions to cover all your cybersecurity audit needs
Work units that meet the requirements of the CaRE program
Teams comprised mainly of senior staff who conduct more than 2,000 tests and audits per year
Conducting audits requiring specific accreditation such as PASSI, PACS, or other ISO standards
Ready to Strengthen Your Cybersecurity?
Don't let threats catch you off guard. Discover how our program can secure your organization.