Health CERT

Monitoring and preventing cyberattacks

What is Health CERT?

On 1 October 2017, the Ministry of Health launched a concerted campaign to prevent cyberattacks on the health sector. An alert system for Information System (IS) security incidents. Formerly known as the ACSS (Support Unit for Health Structures Cybersecurity), the newly named Health CERT (CERT Santé) is a unit dedicated to signalling and preventing cybersecurity threats.

To implement this national digital security strategy, the Ministry is relying on the ANS, and in particular its cybersecurity unit. It is an ambitious strategy that has been steadily extended so that security incidents are now flagged throughout the health sector, including in the social care domain.

The cybervigilance portal provides guidelines on best cybersecurity practices, as well as the latest news and alerts.

The main goals of Health CERT are: 

  • Preventing cybersecurity incidents and resolving existing threats;
  • Monitoring risk and raising awareness within the cybercommunity;
  • Offering national audit services and preventive actions.

5 Minutes to Understand Cybersecurity Challenges

One of the objectives of the cybervigilance portal is to provide Information System Security personnel with information on preventive actions that can be taken against cyberattacks (publication of security bulletins on technology issues, security alerts, guides to managing security, etc.).

Health CERT conducts audits to assess the exposure of IT systems to internet threats to reduce the risk of cyberattacks on health structures.

Health CERT also carries out preventive actions targeting specific threats and offers services designed to improve Information System security – secure messaging services in particular.

Health CERT in numbers

700 active members in CERT – a thriving Information System Security personnel to share feedback on all issues relating to cybersecurity

369 incidents reported to the Ministry of Health in 2020, with more than a hundred of requests for assistance from the CERT

800 health structures were identified as vulnerable to cyberattacks, according to CERT

Numbers of cybersecurity alerts reported between 2019 and 2020

Key service dates

1 October 2017

A platform is set up to process the security warnings in ISs of health structures

2020

The Health CERT (fka ACSS) expands to provide active monitoring and cyberattack prevention

April 2021

ACSS (Support Unit for Health Structures Cybersecurity) is renamed CERT Santé

Videos

Demander un audit de cybersurveillance via l'interface de commande

Consulter les résultats d'un audit de cybersurveillance

Le portail Cyberveille-santé

Frequently Asked Questions

The ANS answers the most common questions about Health CERT

[ Date de mise à jour : 1 Jul. 2022 ] Product / Service : Health CERT Category: Cybersecurity

Yes. The ANS has a video platform with training material, including cybersecurity support. You will find information about cybersuveillance auditing, how to signal a security risk, how to increase your password security, and how to identity malicious email.

 


[ Date de mise à jour : 29 Jun. 2022 ] Product / Service : Health CERT Category: Cybersecurity

Health CERT operates on weekdays between 9am and 6pm. Aside from these working hours, it is possible to contact the ANSSI to signal risks. 

CERT Santé 
+33 (0)9 72 43 91 25 
Agence du Numérique en Santé 
9 rue George Pitard, 75015 Paris


[ Date de mise à jour : 26 Jun. 2022 ] Product / Service : Health CERT Category: Cybersecurity

Healthcare industrials and software publishers are encouraged to contact Health CERT if they discover a security incident or potential malware. CERT provides assistance and support to resolve such issues. CERT also assists you in your communications to health structures.

Partners

Was this page useful to you?

The information you provide in this questionnaire will be saved by the ANS into a digital database in order to optimise our website and improve our services.

The information saved is only to be used by the ANS and is only accessible to its services, its staff, and third-party providers authorised to consult it.

According to the regulation applicable in terms of personal data protection, you have the right to access, modify and erase your data. To do so, you may contact our Data Protection administrator, following the conditions set out in the page Personal Data Protection Policy on the ANS website.