Cyber surveillance

Cybersurveillance is a service for diagnosing and assessing the security of information systems in relation to the Internet.

Getting started

The cyber-surveillance service seeks out and preventively detects vulnerabilities on exposed domains on the Internet. It is offered as a priority to GHTs. An interface is made available to healthcare structures to order an audit and obtain the corresponding deliverables.

The service enables, for a defined perimeter of domains exposed on the Internet, to:

Map and determine the attack surface of an information system;
Proactively detect vulnerabilities affecting the information system.

At the end of the investigations and the analysis of the results, areport presenting the identified vulnerabilities, their level of criticality and corrective measures is issued by the ANS.

In practice

The Cyber-surveillance service is currently being implemented for the benefit of all CERT Santé (Computer emergency response team) beneficiaries, with priority given to the GHT (Groupement Hospitalier de Territoire).

To access an industry watch on the latest news, as well as fact sheets and guides on cybersecurity best practices, visit the portail Cyberveille.

When ?

Security must be taken into account from the earliest phases of an application's development cycle, and throughout this cycle, in order to reduce the risk of vulnerabilities being exposed when it goes into production ("security by design" principle). The application's security level must then be maintained over time.

Documentation

Publicly exposed interfaces on the Internet are only part of the perimeter that healthcare organizations need to protect. The results of cyber-surveillance must therefore be taken into account in an overall risk management approach (integrating other types of audits: internal/external penetration tests, configuration audits, ...).

It is also necessary to take into account other sources of threat (malicious code, phishing-type attacks, ...) which can also constitute significant risks to the normal operation of healthcare structures.

The service is regularly enhanced with new vulnerabilities published by editors. It also integrates vulnerabilities concerning remotely-accessible business solutions (telemedicine, access to X-ray and biology reports, etc...) identified as part of these audits.

The service is regularly enhanced with new vulnerabilities published by editors.

Access the doctrine Cyber-surveillance service charter - Terms and conditions of implementation

Our experts on the subject

Emmanuel Sohier,

Agence du numérique en santé

Alain Espinoux,

Agence du Numérique en Santé

Contact our experts

G_NIUS saves you time

The tools to help you with your project.

My regulatory diagnosis

Identify the regulations applicable to your project in just a few questions.

SIS General Safety Policy regulation sheet

The General Security Policy for Healthcare Information Systems (PGSSI-S) proposes a common framework for securing information systems in the healthcare sector.

Finding your way around technical doctrine

The technical doctrine presents the actions of the ministerial roadmap for the digital shift.

Access the doctrine compass