CAIH: the most accessible cybersecurity for all healthcare institutions

We have been protecting the healthcare sector, especially hospitals (CH), for years. When we met the French Hospital IT Purchasing Centre (CAIH), we recognised that their values aligned with our philosophy.

We decided to collaborate with them, with the aim of making the highest level of security affordable and accessible to all healthcare institutions.

The context

The CAIH (an association made under the French law of 1901) manages 37 businesses in the hospital IT field, specialised in many domains including: hardware, software, networks, security, cloud and services, etc. It serves various public health structures such as hospitals (CHs), regional university hospitals (CHRUs) and regional hospital groups (GHTs).

A need for protection to support healthcare

Hospitals today need to constantly protect themselves from disruptions in the continuity of care. Under the auspices of the CAIH, the CISOs of healthcare institutions have designed an innovative and efficient service. The goal: to enable institutions that do not have enough resources to arm themselves against digital threats.

Comprehensive risk coverage

350,000 hospital staff benefit from protected digital services, within health structures of various types and sizes.

• The Biomedicine Agency
• Réunion Island Regional Health Agency (ARS)
• Marseille Public University Hospital System (AP-HM), Lille regional university hospital, Lyon Civil Hospices (HCL), Rouen university hospital
• Annecy hospital, Saint-Jean-d’Angély hospital, etc.
• French National Authority for Health
• Gustave Roussy Institute
• Regional Digne-les-Bains hospital group (GHT04)
• And others !

A 24/7 Security Service for health

This is not just a service, but a community for sharing expertise. We created it in order to permanently improve the prevention, detection and response to cyber threats services in the healthcare sector. A community that relies on the solid experience of the institutions’ CISOs and our expertise.

Responding to challenges and issues

This project is part of the response to the second guideline of the French Government’s ‘Accelerating the eHealth shift’ roadmap. It has enabled the CAIH to step up the security of health information systems.

• Include CISOs in a common strategy with an operated service and a community of users.
• Support French innovation with the integration of a sovereign EDR (HarfangLab).
• Accelerate the deployment of ‘turnkey’ operational security services.

The idea was then to allow work to continue and for there to be no impact on the management of care and on the overall care of patients.

Cyber crises do systematically come with business disruptions, such as loss of time, resorting to using paper, communication problems, etc., which represent a certain cost.All the more so since the attacked system has to be rebuilt and the loss of earnings compensated. Not to mention the cost of the ransom that institutions are forced to pay to access their systems!

The results

The service has been gradually rolled out since March 2020. It now covers more than 120,000 workstations and servers. The institutions that have deployed it following the recommendations have not yet experienced any successful attacks or crises related to ransomware.