At a glance

In the context of persistent cybersecurity threats, the Hôpital Privé de l’Est Lyonnais of the Ramsay Santé group wished to reinforce its IT security. Eviden was asked to carry out a crisis exercise. The main objective was to prepare decision-makers for a cyber crisis situation.

 

Outcomes

  • Identification of best practices and areas for improvement via detailed consultant reports
  • Development of an organizational crisis-management mindset for improved responsiveness
  • Strengthened team resilience by acquiring experience and skills

The Client

The Hôpital Privé de l’Est Lyonnais (HPEL) is part of the Ramsay Santé Group. The group is France’s leading private healthcare provider. The establishment stands out for its versatility. While its Emergency Department handles 40,000 visits annually, its many areas of expertise have made it a benchmark healthcare center in the eastern Lyon area.

It was very positive because it allows us to adapt to situations that are highly probable, risky and could have real consequences for our patients. So obviously, the better prepared we are, the better we will be able to respond if such a situation were to occur someday.

Thomas GORIA | Chief Information Security Officer, Hôpital Privé de l’Est Lyonnais

Hospitals and cyberattacks

The hospital suffered a cybersecurity incident at the beginning of 2023 that rendered its network unavailable for three weeks. The staff was completely disconnected but needed to maintain its high quality of care.

All healthcare establishments are regular targets of cyberattacks, such as phishing attempts and spam. They have two common challenges:

  • Protecting patient data and professional data in compliance with the GDPR
  • Ensuring continuity of care and limiting patient impacts during an attack

Why Eviden

  • No. 1 in Europe in managed security services
  • PASSI and PDIS certified by ANSSI
  • France Cybersecurity label
  • Cutting-edge expertise in the methods used by attackers
  • 400 experts throughout France
  • Geographical organization enabling us to deliver services in all regions

Preparation priority

A crisis management exercise puts an organization in an emergency situation close to reality in order to improve its ability to deal with real-life situations.

Eviden led a crisis management exercise according to its proven methodology:

  • Evaluate the level of maturity and reaction of crisis unit members in case of a cyber crisis
  • Test existing crisis-management tools, resources and procedures
  • Test the crisis-communication plan
  • Provide customized support with methodology, expertise and consultants
  • Provide a structured report with an improvement plan
  • Raise awareness of the importance of being prepared to manage a cybersecurity incident while maintaining patient care and safety

A successful crisis exercise

This exercise met the objectives of:

  • Improved confidence in the hospital’s defined processes
  • Adopted best practices in case of cyber crises
  • Refreshed or created crisis-management documentation
  • Planned downgraded working methods without IT tools
  • Gained a cyber-crisis-management default mindset
  • Enhanced security by implementing corrective measures
  • Acquired experience and skills
  • Strengthened the hospital’s resilience to cyberthreats
  • Tested the decision-making team’s ability to communicate and mutual understanding between IT and non-IT staff
  • Learned from the experience of healthcare establishments affected by a recent attack

Related resources

Solution insights

Cybersecurity Consulting Services and strategy

Get expert guidance on your security strategy, technology stack, processes, and posture including current-state audits and strategic roadmaps.

Learn more
Client story

AI and forecasting: critical in a medical emergency

How one of the largest US states forecasted demand for PPE kits during Covid-19

Learn more
Client story

UiPath Robots transform healthcare efficiency

AI robots automate calls, process voice data and update systems

Learn more