Cyber surveillance

Cybersurveillance is a service that diagnoses and assesses the security of information systems with regard to the Internet, in line with increasingly stringent European cybersecurity regulations, particularly the Cyber Resilience Act.

Getting off to a good start

The cyber-monitoring service proactively searches for and detects vulnerabilities in domains exposed to the Internet. An interface is available to healthcare facilities, healthcare management systems, radiation therapy centers, and clinical laboratories, allowing them to request an audit and receive the corresponding deliverables.

For a defined set of domains exposed to the Internet, the service makes it possible to:

  • Map and determine the attack surface of an information system;
  • Proactively detect vulnerabilities affecting the information system.

Following the investigations and analysis of the results, the ANS (Agence du Numérique en Santé) issues a report detailing the identified vulnerabilities, their severity level, and corrective measures.

In practice

The Cyber-Surveillance service is currently being implemented for all beneficiaries of CERT Santé (Computer Emergency Response Team).

To access industry-specific news updates as well as fact sheets and guides on cybersecurity best practices, visit the Cyberveille portal.

When?

Security must be considered from the earliest stages of an application’s development cycle and throughout that cycle in order to reduce the risk of vulnerabilities being exposed when the application goes live (the “security by design” principle). The application’s security level must then be maintained over time.

Documentation

Publicly exposed interfaces on the Internet represent only part of the scope that healthcare organizations need to protect. The results of cyber monitoring must therefore be incorporated into a comprehensive risk management approach that includes other types of audits (internal and external penetration tests, configuration audits, etc.).

Other sources of threat (malicious code, phishing attacks, etc.) must also be taken into account, as they can pose significant risks to the normal operation of healthcare facilities.

The service is regularly updated with new vulnerabilities published by software vendors. It also includes vulnerabilities related to remotely accessible business solutions (telemedicine, access to radiology and laboratory reports, etc.) identified during these audits.

Our experts on the subject

Emmanuel Sohier,

Agence du numérique en santé

Alain Espinoux,

Agence du Numérique en Santé
