Going Beyond Cybersecurity

Introduction

The healthcare sector has become a prime target for cybercriminals. According to the French National Agency for the Security of Information Systems (ANSSI), between 2022 and 2023, 86% of the incidents reported to them involved healthcare facilities. The incident rate jumped from 2.8% in 2020 to 11.4% in 2023, reflecting an intensification of threats. But these figures are more than just statistics: each one represents a potential risk to patients’ lives, the compromise of medical data, and serious disruptions to care delivery. These are far from isolated figures; rather, they illustrate a deeply concerning trend: traditional cybersecurity strategies – focused on prevention and remediation – are no longer enough. Threats have evolved from simple opportunistic attacks to complex and persistent operations, orchestrated by state-sponsored actors or organized crime groups.

While protecting information systems (IS) remains essential, it cannot guarantee complete invulnerability to cyberattacks – especially with determined adversaries leveraging new technologies to exploit inherent vulnerabilities in complex and often outdated infrastructures. To make matters worse, there is “an even more tense international climate, the effects of which are having increasingly significant repercussions in cyberspace,” according to ANSSI. This situation demonstrates that it is no longer just about building walls for protection but about developing an intrinsic capacity to survive and thrive at all levels of the organization in the face of the inevitable: cyber resilience.

IBM defines cyber resilience as an organization’s ability to prevent, withstand, and recover from cybersecurity incidents. It is a concept that combines business continuity, information systems security, and organizational resilience. Cyber resilience offers a proactive strategy that acknowledges the inevitability of incidents and prepares methodically to address them. It involves developing institutional and technological agility to quickly detect intrusions, effectively contain attacks, maintain critical services despite disruptions, and restore operations from a degraded state to full functionality within a reasonable timeframe. In a field where every second counts and patients’ lives depend on the availability, integrity, and confidentiality of their data and hospital information systems, the transition to cyber resilience is no longer optional but a vital imperative.

The Pillars of Cyber Resilience

Achieving cyber resilience requires a holistic and iterative approach, structured around several interdependent pillars defined by international organizations such as the European Union Agency for Cybersecurity (ENISA), the International Telecommunication Union (ITU), the National Institute of Standards and Technology (NIST), and the International Organization for Standardization (ISO). This approach highlights the importance of preparation and adaptability in the face of cyberattacks. Despite differences in specific frameworks, these organizations agree on the following key steps for achieving cyber resilience:

Pillar 1: Preparation and Prevention

This pillar focuses on preventing cyberattacks before they occur. It includes:

        • Identifying the institution’s critical assets, threats, and vulnerabilities.
        • Enhanced and adaptive protection: While prevention is no longer absolute, it remains essential. This involves implementing security measures to prevent cyberattacks, such as deploying robust, up-to-date security solutions and regularly training employees in digital hygiene.
        • Early and contextualized detection: It is crucial to detect intrusions from their first signs. This involves installing sophisticated monitoring systems, conducting behavioral analysis, and using AI to identify subtle anomalies.

 

The exploitation of an undetected vulnerability can deprive a hospital of its network and the critical services hosted in the cloud, thereby compromising the continuity of care. During a ransomware attack – such as the one suffered by Stell Hospital in France – systems are paralyzed, communications are cut off, and patient safety is jeopardized. Already exhausted healthcare staff must then exert even greater effort in a tense environment, inevitably slowing down care. The objective of Pillar 1 is to strengthen the hospital’s defenses with advanced technologies to anticipate threats, including zero-day attacks (vulnerabilities that have not yet been identified).

Pillar 2: Immediate Response, Crisis Management

When an attack occurs, a rapid, coordinated, and effective response is needed to limit the damage:

        • Effective and orchestrated incident response: The hospital must implement incident response plans (IRPs) with clear and well-defined roles, responsibilities, and procedures. This includes threat detection, containment, and eradication. Endpoint Detection and Response (EDR) solutions enable continuous monitoring and visibility across all devices, facilitating rapid detection and a structured response.
        • Business continuity solutions in degraded mode: Ensuring the continuity of critical functions after a cyberattack is at the very heart of cyber resilience. This requires robust and proven business continuity plans (BCPs). While regular and secure data backups are fundamental, they are not sufficient to resume operations quickly. It is therefore crucial to have a solution that can rapidly restore the network and provide access to critical services and servers within a very short timeframe, in a secure environment isolated from potentially infected or damaged information systems. Resuming operations in a degraded mode means maintaining critical services with reduced but sufficient capacity. This ability to ensure organizational survival is a game changer. Regularly testing continuity plans is essential for identifying weaknesses and ensuring their effectiveness in real-world situations.
        • Information System Recovery: Once the immediate threat is contained and the degraded mode is in place, the priority becomes the complete and secure restoration of the hospital’s operational environment. This process, guided by a well-defined disaster recovery plan (DRP) established in advance, aims to rebuild each component of the information system in order of priority while ensuring data integrity. It is also necessary to eliminate any residual traces of the attack to prevent recurrence or persistence of backdoors. This effort must rely on rigorous validation procedures, enhanced post-incident monitoring, and a comprehensive assessment of the exploited vulnerabilities. Leveraging recognized cybersecurity frameworks, such as NIST or ISO 27001, combined with ANSSI’s PCRA kit and close collaboration with various business units, supports the reconstruction of a more resilient environment.

 

Resilient organizations leverage their detection and containment capabilities to minimize the impact of cyberattacks. They incorporate degraded mode operation solutions to ensure business continuity while managing the cyber crisis and restoring their digital services.

Pillar 3: Recovery and Continuous Improvement

Following a cyberattack, the goal is to draw lessons that help strengthen future cybersecurity. This involves analyzing the root cause of the breach, reinforcing security measures based on lessons learned, and applying patches to prevent recurrence. Cyber resilience is an iterative process. Each incident, simulation, or audit should be an opportunity to learn and improve existing strategies and processes. Establishing a lessons-learned culture and integrating those lessons into prevention, detection, response, and recovery plans is essential for continuously enhancing the organization’s security posture. By iterating these processes, hospitals not only recover from cyberattacks but also strengthen their resilience against future threats. A hospital’s cyber-resilience strategy must rely on diversified solutions and avoid dependence on any single tool. Over-reliance on a single tool or service can create vulnerabilities that cybercriminals can exploit. While the cloud offers many benefits, it also introduces real risks that must be anticipated and carefully controlled.

The Challenges of the Healthcare Sector

The healthcare sector faces a unique set of challenges that make it particularly vulnerable and where the consequences of cyberattacks are potentially catastrophic. First of all, the highly sensitive nature of patient data, protected by strict regulations such as medical confidentiality and the GDPR, makes it a prime target for cybercriminals, whether for financial gain (ransomware, data resale) or attempts to destabilize operations. Second, the complex interdependence of hospital information systems – ranging from electronic health records (EHR) and picture archiving and communication systems (PACS) to administrative management platforms and connected medical devices – creates a network of dependencies where a breach in one link can paralyze the entire care chain.

Similarly, another challenge facing the healthcare sector is the technological lag accumulated by many healthcare institutions. This sector often grapples with budgetary constraints and the complexity of upgrading existing systems. The 2025 report by la Cour des comptes highlights the “vulnerability of information systems,” deemed fragile, too complex, and outdated, adding to this the fact that 20% of healthcare facility equipment is obsolete. This vulnerability stems primarily from “chronic underinvestment in digital technology.” As a result, many CISOs focus their efforts and resources on the protection phase (Pillar 1 of cyber-resilience in Figure 1), investing in firewalls, antivirus software, and intrusion detection systems. A significant portion is thus allocated to prevention, leaving limited resources for planning and implementing crisis and post-crisis phases (Pillars 2 and 3 of cyber-resilience in Figure 1).

While important, this focus on protection neglects the fact that in such an evolving threat landscape, protection failure is likely, making active preparation essential. The consequences of this neglect can be dramatic: prolonged service interruptions, substantial financial losses, reputational damage, and, more seriously, direct endangerment of patients’ lives. Despite all the budget and effort dedicated to Pillar 1, the figures speak for themselves: cyberattacks succeed.

The Risks of Centralized Systems

Adopting cloud solutions in the healthcare sector offers numerous advantages in terms of flexibility, scalability, and potential cost savings. However, increased reliance on the cloud introduces a significant number of new risks. This reliance can compromise the resilience of hospital infrastructures in the event of a cyberattack.

Indeed, hospitals can lose access to the networks and services of their service provider or critical applications in the event of a cyberattack targeting the provider. Such an attack could simultaneously paralyze multiple healthcare facilities that depend on this provider. For example, on February 29, 2024, Change Healthcare (a major provider of technology and administrative services to the healthcare sector in the United States) confirmed that it had fallen victim to a ransomware attack by the ALPHV/BlackCat group. The attack caused a massive disruption of the provider’s services for several days – even weeks for some functionalities. This disruption had considerable repercussions throughout the American healthcare system: inability to verify patient insurance, difficulty in treating patients, interruption of prescription deliveries, and an impact on continuity of care. A ransom of $22 million had to be paid, and 190 million personal health records were compromised and stolen.

To reduce dependence on a single provider, hospitals opt for multi-cloud solutions, making it possible to distribute critical data and services among several providers. Data is thus redundant, available, and accessible from diverse sources. However, security management in a multi-cloud environment introduces additional complexity to the infrastructure within an already complex hospital network. The coexistence of different cloud environments, each with its own configurations, security tools, and technical specificities, increases the potential attack surface and the risk of human error. In such an environment, a configuration error can create additional vulnerabilities exploitable by cybercriminals.

Furthermore, an additional point of fragility lies in the authentication architecture, often centralized even in multi-cloud environments. Distributing services and data across multiple clouds does not reduce risks if the access point to those services is centralized (often via a single sign-on (SSO) server). On the contrary, while convenient for access management and healthcare professional workflows, a single authentication server becomes a critical vulnerability and single point of failure. If compromised during a cyberattack, access to all digital services hosted on the various clouds can be simultaneously lost. Dependence on this centralized point exposes the entire information system to potential paralysis.

Finally, responsibility in the event of a cloud incident is shared between the service provider and the healthcare facility. While this division of responsibilities may seem logical, it can nonetheless lead to confusion and critical delays in a crisis. For example, during a ransomware attack targeting health data stored in the cloud, the responsibility for detection and initial response may typically lie with the provider, while data restoration and notification to the competent authorities are the responsibility of the hospital. A lack of clarity in roles and procedures can thus undermine a rapid and effective resumption of activity.

The information systems of healthcare facilities remain vulnerable, and we have only listed here a few examples of cloud-related vulnerabilities. It is therefore essential to have a backup solution. While many assume this means reverting to pen and paper for 72 hours – or even much longer – other solutions are possible.

IoE: The Solution for Hospitals

Faced with the limitations of traditional approaches and the risks inherent in a dependence on centralized infrastructures, Green Communications offers an effective solution for cyber resilience. When a digital infrastructure becomes inoperable due to a natural disaster, a terrorist attack, an adversary, a virus, or ransomware, no digital service can function. Thanks to very lightweight platforms that integrate numerous services, the IoE (Internet of Edges) provides you with a digital infrastructure equipped with a range of essential functionalities to continue communicating, collaborating, and evolving with the same habits and reflexes as in normal times. The IoE solution is the Noah’s Ark of the digital world. When everything is struck down by a physical or cyberattack, the IoE transports you to a new world, offering essential digital services that ensure your resilience.

How does the IoE platform work?

The process is very simple! You just need to power a set of portable units (approximately 300 g each) so that they can communicate with each other and form a digital space. The number of units depends on the size of the area to be covered with this infrastructure. In this digital space, a set of services is available by default:

Internet of Edges Platform

The user journey

In terms of user experience, the cyber resilience infrastructure offers very user-friendly interfaces, similar to those that people use daily on their computers, tablets, or phones. The user journey takes place in several steps:

        1. Take your digital device (phone, tablet, or computer) and connect to the Wi-Fi of the digital infrastructure. This can be done by using a QR code or by entering credentials on the keyboard.
        2. Open a browser (Chrome, Edge, Safari, Firefox, etc.) and enter the address of the local portal. This can also be done by using a QR code or by entering the address in the URL field of the browser.
        3. Accept the certificate of your infrastructure if it is not already installed on your device.
        4. Figure 3 shows the web page of the local portal with all the services offered by the cyber resilience infrastructure.

Edge Services

This digital space offers a set of services by default:

        • A visualization application for the platform that allows users to see the covered area, the location of the machines providing coverage and their interactions, as well as all connected users and many other pieces of information.
        • An instant messaging (chat) service that allows the creation of conversation rooms among all clients connected to the infrastructure.
        • A voice service that enables the creation of audio conversation rooms. It can also operate in Push-to-talk mode (walkie-talkie).
        • A file-sharing system for exchanging files between participants connected to the infrastructure or for creating and modifying directories. This system is coded in the form of a blockchain, where every operation performed is recorded and listed across all the units forming the digital infrastructure.
        • A set of tools for the infrastructure administrator to test the performance of the infrastructure, generate logs, modify configurations, perform updates, connect to other networks, change passwords, configure DHCP, DNS, etc.
        • A tool for creating a PKI (Public Key Infrastructure) to generate certificates that customize the routers of the infrastructure.
        • An embedded web server so that the aforementioned services are easily accessible as web applications, without the need to download applications on a client workstation.

The infrastructure has the capability to integrate additional services necessary for the location where it is installed (for example, backup services). These services are installed on machines that connect to the infrastructure so that clients can access them. A very simple configuration tool, in the form of a web page, allows users to provide a static lease (IP address) and a domain name with just a few clicks, ensuring that the use of the service is as straightforward as possible for clients connected to the infrastructure.

This infrastructure will initially allow healthcare personnel to communicate about the current situation, the measures to be implemented, and all actions planned in the business continuity plan, and to structure work in degraded mode. Simultaneously, it facilitates communication about the cyberattack to the relevant authorities. The ability to restore a digital infrastructure with internal and external communication services within minutes of an attack is crucial for significantly reducing the stress and chaos inherent in such situations. This is an often overlooked yet major factor in the effectiveness of a hospital’s crisis management. This backup infrastructure facilitates the deployment of the business continuity plan in a less chaotic environment while reducing the technical downtime for medical staff, who can continue to provide care in degraded mode. This solution can be mutualized at the level of the GRADeS (Regional Support Groups for e-Health) for hospitals in their region.

Changing the Paradigm: From Cybersecurity to Cyber-Resilience

The current approach to cybersecurity is no longer sufficient to ensure continuity of care in the face of increasingly frequent cyberattacks. A profound paradigm shift is necessary: an approach that ensures that if the centralized system (cloud) fails, the decentralized system (local infrastructure) can take over. It’s no longer just about perimeter defenses, whose vulnerabilities we know, but about implementing a comprehensive cyber resilience strategy that enables hospitals to continue operating regardless of the disaster. The business continuity and disaster recovery solution we present embodies this paradigm shift. By providing a parallel, physically isolated, and rapidly deployable digital infrastructure, it allows hospitals to regain operational autonomy in degraded mode, even in a major crisis. This ability to quickly restore internal communication and access critical data and services is essential for effectively managing the crisis and ensuring uninterrupted patient care.

Conclusion

The cloud and digital services have radically transformed the way care is delivered, but this evolution has also increased the vulnerability of healthcare facilities to cyberattacks. Today, these institutions rely on the continuous availability and accessibility of this network and these services to provide patient care. This dependence exposes them to major risks, as critical data and applications are centralized in large data centers, accessible via the internet. Simultaneously, increasingly sophisticated cyberattacks are targeting this sector. The current approach to cybersecurity, although essential, is no longer sufficient to guarantee continuity of care in the event of a large-scale attack. Cyber-resilience, and in particular the capacity to autonomously continue and recover operations, is a strategic move for healthcare facilities. Having appropriate recovery solutions is essential to ensure patient safety, sustain operations, and preserve the reputation of healthcare facilities.

References