Cyber-surveillance

Cyber-surveillance is a service to diagnose and evaluate the security of the information system with regard to the Internet.

Getting started

The cyber-surveillance service is a comprehensive system which allows the detection of vulnerabilities in an Internet-exposed information system (auditing exposed interfaces, intrusion tests, configuration audits, malicious code, etc.).

To do this, the cyber-surveillance platform’s features include:

Mapping and determining the attack surface of an information system
Detecting vulnerabilities affecting an organisation's information system
Detecting a possible data leak (source code leak, data leak, user data leak, etc.) targeting the information system

A cyber-surveillance report is provided, describing all the detected vulnerabilities sorted by criticality as well as a remediation action plan with priorities set.

For more information, see the Documentation section.

In practice

The cyber-surveillance service is currently being implemented for the benefit of regional healthcare coordination authorities (GHTs) and facilities that have been victims of a cyber-attack. It is testing configuration best practices for the network, servers and applications exposed to the Internet.

When ?

By late in the first quarter of 2021, an online service will be available to order an audit.

The service will be gradually opened to all facilities that request it.

Documentation

The cyber-surveillance service allows the detection of vulnerabilities in an Internet-exposed information system.

Interfaces publicly exposed to the Internet are only some of the places where healthcare facilities need protection. The results of cyber-surveillance must therefore be taken into account as part of a comprehensive risk management approach (one which incorporates other types of audits: internal/external pentests, configuration audits, etc.).

Other sources of threats (malicious code, phishing attacks, etc.) must also be taken into account, as they can also pose significant risks to the normal operation of healthcare facilities.

The service could be enhanced to analyse remote access to health applications (telemedicine, access to X-ray and lab reports, etc.).

Our experts on the subject

Emmanuel Sohier,

Agence du numérique en santé

Cédric Bertrand,

Agence du numérique en santé

Contact our experts

G_NIUS saves you time

Tools to help you with your project.

Check for regulations

Answer a few questions to learn what regulations apply to your project.

Fiche réglementation Politique Générale de Sécurité SIS

La politique générale de sécurité des systèmes d’information de santé (PGSSI-S) propose un cadre commun pour sécuriser les systèmes d’information du secteur de la santé.

Finding your way around the technical framework

The technical framework describes the actions in the ministerial roadmap for the eHealth shift.

Access the Framework Compass