Healthcare facilities are essential to the survival of a society in the truest sense of the word, and they play an important role in the health and well-being of its citizens. Cybercriminals are aware of this and try to exploit exactly that. In 2024, healthcare facilities and hospitals were the second most frequently attacked sector in the world. These are primarily ransomware attacks.
The calculation of the ransomware gangs is simple: If they encrypt all of a facility’s health data, medical staff are again dependent on pen and paper and no longer have any insight into patients’ medical history or medication plans. Since it can be a matter of life or death, in the past, such entities were more inclined to pay the demanded ransom in order to regain access to the data.
To avoid such a situation, cybersecurity is crucial. In France, aDvens, a leading independent European cybersecurity company, is cooperating with CAIH (Centrale d’Achats Informatiques des Hôpitaux), the French purchasing organization for IT and telecommunications in the healthcare sector. This is an organization that was founded in 1901 and has been supporting public and private non-profit healthcare institutions in their IT procurement since 2014. The facilities served by the CAIH include hospitals, regional university hospitals, hospital groups and medical care facilities.
Under the supervision of the CAIH, the CISOs of the participating healthcare facilities have set up a Secure Operations Service to support the facilities in defending against cyberattacks. The focus is particularly on institutions that would otherwise not have sufficient resources to do so. The Secure Operations Service consists of four components:
- An endpoint detection and response (EDR) solution: This can be implemented quickly and easily without large overhead costs and immediately provides broad visibility into all events on the endpoints.
- A Security Operations Center (SOC) with 24/7 availability: Security incidents happen around the clock and must be contained as quickly as possible. If monitoring is carried out exclusively during normal office hours, significant damage can be done before the incident is discovered.
- An interface to the CERT Santé of the French health authority ANSM (Agence nationale de sécurité du médicament et des produits de santé): The interface makes it possible to inform the CERT Santé as quickly as possible about possible dangers and, if necessary, to exchange indicators of compromise (IOCs) so that they can be monitored across organizations.
- Availability of the service for all non-profit healthcare institutions: All institutions can be equally affected by a cyberattack and therefore require uniform protection in order to detect any campaigns as early as possible and to be able to prepare other organizations for them.
A 24/7 service for health
For the SOC solution, CAIH has chosen aDvens as its provider. The decisive factor was that aDvens is a European provider that relies on its own sovereign platform and brings the corresponding expertise in the healthcare sector.
The European cybersecurity company monitors the IT of French healthcare institutions around the clock, 365 days a year, with its mySOC solution. aDvens relies both on strong technology partners and on its own independent mySOC platform. Healthcare facilities can choose between different EDR providers, including European solutions. mySOC collects and integrates data from all environments (network, clients, servers, cloud and OT), then enriches and contextualizes it to identify vulnerabilities and threats. Machine learning algorithms effectively reduce false positives. In addition, experienced analysts investigate and prioritize alerts and help customers respond to incidents around the clock. In the mySOC portal, customers always have a transparent view of all the managed detection and response services they use and can work directly with aDvens’ analysts. The modular portfolio can be adapted specifically to the needs of the customer.
“It was crucial for CAIH to offer a tailored service to its affiliated healthcare facilities that would serve to improve IT security in the facilities,” says Vincent Deleau, Director of Operations at CAIH.
Since the start of the rollout in March 2020, 179 facilities with a total of almost 290,000 devices – including, for example, the university hospitals of Marseille, Lille and Rouen – have already been monitored. Each quarter, an average of 11 million suspicious events can be detected and 120 malicious processes prevented.
