Applied Cybersecurity in Healthcare: A Real-Life Remediation Case Study

Abstract

In recent years, the increasing digitization of healthcare facilities in France has highlighted major cybersecurity vulnerabilities, exacerbated by chronic underinvestment and fragmented IT governance. This thesis explores how hospitals can nevertheless strengthen their IT security through low-cost strategies. Conducted within the Esquirol Hospital Center in France, this concrete case study focuses on the remediation of Active Directory vulnerabilities, the reduction of the internet-exposed attack surface, and the implementation of a secure remote maintenance platform, following the French national agency for information system security’s recommendations and the CaRE program’s requirements. Beyond the specific case, this thesis can be used as a basis for creating a replicable methodology for other establishments of all sizes seeking to improve their resilience to cyber threats, even with limited resources. Finally, it advocates for the systematic integration of cybersecurity from the design phase of hospital digital projects, to make it a strategic issue in its own right.