Date: 2021-02-25

With this hacking of health data, are we witnessing a turning point?

Pierre Lorcy: Not really. We have already experienced more massive thefts of email addresses and data in the past. On the other hand, such a leak concerning medical data is indeed a first in France. Three factors can explain this phenomenon. First of all, the world we live in is more connected: every doctor’s office is connected to the Internet, and the same goes for the hospital. This growing use of computers and the Internet automatically increases the number of possible breaches. Then, it should be noted that the world of crime has industrialized: you have people who want to make the most money with the Internet, and who believe that ransom is the best way. Third element, which follows from the previous one: personal data (name, first name, e-mail…) have acquired an enormous weight. And health data is even more sensitive. Hackers use two types of modus operandi. Either they prevent you from having access to your data, by encrypting it, and force you to pay a ransom. This is what happened in several hospitals recently, targeted by ransomware. Or they steal this data from you and threaten to disseminate it if you do not pay. In the context of a pandemic, hospitals represent prime targets: hackers assume that healthcare establishments will do anything to continue operating.

You talk about a world of crime that has industrialized: who is behind these computer attacks?

Pierre Lorcy: It should be understood that this universe has become very professional. Behind the attacks are real ransomware SMEs, “2.0” crime companies, run by cybersecurity specialists who hire developers. They design malware and then place it on Software as a Service (SaaS) platforms, often hidden in security holes in consumer websites. These platforms function as stores, made available to hackers against payment. The latter, the little hands of cybercrime, come to dig up the tools before sending hundreds of emails to very specific targets (hospitals, for example). We must not be mistaken: the “SMEs” I am talking about are run by organized crime, which invests the Internet to make money. The primary motivation of the pirates remains financial, except of course in cases of political destabilization operations – I am thinking of the American election of 2016, for example.

Are attacks targeting the health sector likely to increase?

Pierre Lorcy: Of course. But not only in this sector: you can face an avalanche of attacks targeting anything sensitive. Recently, in the United States, pirates wanted to attack a drinking water distribution network (in a small town in Arizona – Editor’s note). Basically, hackers can attack anything that can disrupt the functioning of a community enough to get a ransom. It is purely mercantile. But with the pirates getting stronger and stronger in their attacks, it is imperative that we strengthen our defense.

Does the billion euros plan for cybersecurity, announced a few days ago by Emmanuel Macron, seem up to the task?

Pierre Lorcy: The precise content is not yet known, but the main axes presented are going in the right direction. In France, we have people who are very competent in cybersecurity. But we lack human resources, hence the need to develop a training component to train cybersecurity engineers, personnel able to defend themselves against attacks. Beyond that, we must do prevention. In a nuclear submarine, it is not necessarily very serious if your hull is pierced, as long as your watertight compartments withstand the shock. It’s the same in IT: if your system is good and vulnerabilities are fixed as soon as they are identified, then the virus will do less damage. We need resources for all of this.