France to invest €1bn in cybersecurity as hospitals targeted

Hospitals alone accounted for 11% of all cyber attacks recorded in France in 2020

Published Modified

French President Emmanuel Macron has announced a plan to allocate one billion euros to strengthen cybersecurity in France, with €350million to be dedicated to hospitals, the target of more and more attacks since last year. In the past year alone, the number of cyber attacks in general has quadrupled in France, with 27 hospitals affected.

In 2021, an average of one hospital per week has been the target of a cyber attack, France’s digital and telecommunications minister Cédric O stated.

This increase in attacks on hospitals has coincided with the Covid-19 pandemic. Mr Macron has described the rise as a “crisis within a crisis”.

He announced the new investment plan on Thursday (February 18) after two hospitals in Dax (Landes) and Villefranche-sur-Saône (Rhône) became the latest victims of hackers.

"The cyber attacks in Dax and Villefranche-sur-Saône confirm the importance of taking the issue of cyber security very seriously. We have made it a priority,” Mr Macron said.

He said that investment in cybersecurity will be a big part of the government’s economic relaunch plan France Relance, set up to kickstart the economy given the effects of the Covid-19 pandemic.

“We are investing massively to strengthen the cybersecurity of public services, as well as the health and medical sector,” he said.

“We need to strengthen training in the field of cybersecurity and double the number of jobs in this strategic sector by 2025.

“We need to raise awareness: you don't need to be an expert to thwart most cyber attacks. They are often based on carelessness: a password that is too obvious, a suspicious file, a suspicious email request... Vigilance! In case of doubt,” he stated.

Why are hospitals in particular being attacked?

One of the most common types of cyber attacks are “ransomware” attacks. This is where hackers manage to steal data from a company, institution, individual, etc. and then hold that data for ransom. This type of attacks on hospitals is not new but has been increasing.

“Since 2016-2017, the criminal groups behind ransomware attacks have become highly professional, Laurent Besset, director of cybersecurity company I-Tracing, told news website HuffPost.

He likened the groups to small and medium-sized businesses that can make tens of millions of euros of profit every year.

These criminals, because they are more professional and better organised, are multiplying their attacks and are increasingly targeting professional structures, Jérôme Notin, the head of government cybersecurity platform cybermalveillance.gouv.fr, said in an interview with radio channel France Culture

He said that there had been a 25% increase in attacks on companies and a 50% increase in attacks on local authorities in 2019 to 2020.

Hospitals are particularly affected because they make for lucrative targets.

"Even before Covid, hospitals were pretty good customers," Mr Besset said. This is because they are easier targets for hackers due to a lack of investment in IT security systems.

"When a hospital allocates a budget that is already stretched, it will have areas more important than IT, and within IT, it will probably have areas more important than security,” he said.

Coralie Héritier, CEO of IDNomic, a company that helps equip companies to protect themselves against cyber-attacks, agreed.

"It is true that the health sector is one in which we are present, but not as much as others such as defence or the banking sector,” she told Huffpost.

“There is room for improvement in terms of equipment, training and education in the hospital environment.

“Some action has already been taken, but given the rapid evolution of the attacks and the increasing exposure, it is necessary to intensify this infrastructure,” she said.

She welcomed President Macron’s announcement of more funding, saying it will “allow those who are more vulnerable to become better equipped”.

Should ransomware attack victims pay to get their data back?

France’s digital and telecommunications minister said no.

“Never pay a ransom. There is no guarantee that your data will be recovered. The best way to protect yourself from a cyber attack is to make regular backups to a secure cloud or external hard drive and to adopt the right habits,” he stated.

Mr Besset said companies and institutions can be divided into two categories on this point.

There are those who, for ethical reasons, refuse to pay and therefore to finance cyber crime, and others who "ask themselves the question in a purely pragmatic way and ask themselves what costs them the least in the end".

“In the context of hospitals, the potential risks and impacts are not only financial, they are also human,” he said.

Hospitals that refuse to pay the ransom - as they are advised not to by the government - are forced to rebuild their computer systems from scratch. This can take between two and three days to recover basic access and several weeks for a full recovery.

During this period, there can be difficulty in accessing certain medical imaging equipment, slowed communication between departments and a more complicated allocation of beds and doctors.

Read more:

France: 4-fold rise in online shopping scams last month

Data of 9m EasyJet clients hit in cyber-attack