“We should not ask ourselves whether we might one day be the target of a cyberattack. One day or another, we will be attacked. The most important thing is to have a reaction capacity, protocols and a high level of resilience so as not to be paralysed by a cyberattack”, warns Hervé Barge, director of the eSanté agency in reaction to the recent cyber attacks in Luxembourg's neighbours.
The Vivalia hospital group in Wallonia was targeted by a very serious cyberattack that has paralysed several departments. The cybercriminals are demanding a ransom or they will publish 400GB of medical data issued from the hospital group’s patients database. On 19 April, the GHT Cœur Grand Est in France (in Woippy) was also the victim of hackers. There have also been cyberattacks on more distant hospital structures. Last March, the Castelluccio hospital in Ajaccio was at the receiving end of a cyberattack that paralysed the radiotherapy and oncology care departments. In August 2021, the Arles hospital (Bouches-du-Rhône, France) suffered a cyberattack that rendered patient records unreadable. The cost of this cyberattack is estimated at €1m.
For some years now, some companies, but also hospital structures, have understood the importance of protecting themselves against the effects of a cyberattack.
In Luxembourg, the eSanté agency insists that the hospital sector has become aware of the need to prepare and invest in IT security in order to add to its resilience capacity. “For some years now, some companies, but also hospital structures, have understood the importance of protecting themselves against the effects of a cyberattack by equipping themselves with technological tools, but also with a certain philosophy in the face of this risk,” explains Barge. “In the private sector, I can cite several examples of entrepreneurs who have lost everything following a cyberattack,” he warns.
In other words, hospitals and their boards of directors no longer neglect the risk of a cyberattack and have given themselves the necessary means to avoid being paralysed by a large-scale attack. “Again, the question is not whether we will suffer a cyberattack. It's about how you can build resilience into the hospital's IT structure directly and how you don't cripple patient services when you are hit by a cyberattack. Because one day or another, we will be the victim of a cyberattack”, insists the director of the eSanté agency, who had just returned from a seminar on the subject in Tallinn, Estonia.
Following the events in Wallonia, we carried out a special assessment on the Luxembourg structures.
“Following the events in Wallonia, we carried out a special assessment on the Luxembourg structures, because we know that there are digital exchanges between the various hospitals and doctors working in Belgium and Luxembourg that could be a possible vector for the propagation of a cyberattack. We also regularly monitor the darknet. If we find medical data from Luxembourg patients or structures, we also alert the people concerned,” reassures Barge. “The flaws are sometimes far from being technological feats. A doctor who uses the same password for professional purposes as for his or her Netflix account can be a gateway for cybercriminals,” says Barge.
“If the company has prepared itself to be resilient with, to put it simply, redundancy processes, backups and data recovery, it will not have to pay a ransom,” explains Barge.
But apart from the technological and financial aspects of dealing with future cyberattacks, Europe's challenge will be to find enough IT people to meet future needs. According to several studies, there will be a shortage of almost 2 million professionals in the cyber security market worldwide by 2024, including 800,000 in Europe.
This story was first published in French on . It has been translated and edited for Delano.