Hospitals and healthcare establishments have become prime targets for cyber attacks: ransomware, data theft, blocking of critical services... In response to this threat, the French government has launched the CaRE - Cybersecurity, Acceleration and Plant Resilience, a multi-year national plan dedicated to the healthcare and medical-social sector.
Today, the submission of financing applications is complete for the Area 2 - Workstation and detection. In concrete terms, this means that :
Establishments that have not applied can no longer join the scheme in this area,
but those who have already submitted an application must now choose their support team and implement their project.
This article is aimed precisely at them.
What is the CaRE program?
The program CaRE aims to strengthening the safety and resilience of healthcare facilities to cyber threats, while improving their ability to react effectively in the event of an attack. Co-piloted by Digital Health Delegation (DNS) and theDigital Health Agency (ANS), it is part of the digital healthcare roadmap 2023-2027.
In concrete terms, CaRE means :
a multi-year action plan (2023-2027) with clear objectives,
a dedicated national funding envelope cybersecurity,
from thematic areas of work covering organization, resources, awareness and operational safety.
The aim is twofold: prevent attacks from succeeding and enable plants to recover quicklywhen they occur.
Who is it for? Schools already involved in CaRE
CaRE is for all healthcare facilities, The Group's activities are now being extended to all healthcare facilities, regardless of their status (public, private, ESPIC, CLCC, etc.), and gradually to medico-social structures as well.
For these establishments, the challenge is no longer “how to apply”, but :
How do you structure your project, choose the right partners and meet CaRE objectives on time?
Domain 2 CaRE: “Workstation and detection”, what are we talking about?
Visit Area 2 - Workstation and detection responds to a simple observation: most attacks begin on a user workstation (phishing e-mails, infected attachments, USB keys, out-of-date browsers, etc.).
The challenge is therefore to transform the workstation - whether clinical or office - into a the strong link in cybersecurity, instead of being the attacker's entry point.
In concrete terms, the projects financed in this area aim in particular to :
Hardening workstations
- Standardize system images
- Set up a secure configuration base (OS, browser, office software)
- Manage administrator rights and privileged accounts
Enhanced protection against malware and ransomware
- Deploying antivirus / EDR / XDR solutions
- Better control over removable devices and authorized applications
- Align workstations with ANSSI recommendations and the digital health doctrine
Structuring detection and response
- Centralize workstation logs (SIEM, internal or managed SOC)
- Detect suspicious behavior faster
- Define isolation and remediation procedures for compromised workstations
Securing everyday use
- Raising user awareness (phishing, passwords, handling health data)
- Limit local data storage on workstation disks
- Better coordination between workstation, backup and continuity/recovery plan
Current situation: financing has been agreed, but has yet to be put into practice
Visit application window now closed (from October 31, 2025) for Domain 2. Establishments already committed are entering a new phase:
- Finalize project scope and schedule
- Choose your companions (integrators, publishers, specialized firms)
- Implement planned actions within the deadlines set by CaRE
- Produce deliverables and proofs necessary to justify the use of funds and the achievement of objectives
This phase is both operational and strategic each choice (solution, partner, prioritization of projects) will have a direct impact on the actual security of the IS and on the company's ability to demonstrate its compliance with the CaRE program - and, in the future, with NIS2 as well.
How Phishia supports establishments already applying for Domaine 2
Phishia, with its Health Edition - Focus Area 2 focused on workstation protection, intervenes only from establishments that have already submitted a CaRE application and are now in the key phase: choose a partner for implementation.
Our role is not to rewrite your application, but to help you to keeping your CaRE commitments, in a pragmatic way and in line with the national framework.
Translating the CaRE dossier into real actions
On the basis of your submitted dossier, and any comments from the ARS or ANS, we transform the text into a concrete action plan.
We help you to clarify the technical and functional objectives of Domain 2, to distinguish between what is absolutely necessary to be CaRE-compliant and what is more of a “bonus”, and then to build a realistic path, adapted to your resources and organization (GHT, isolated establishment, shared IS, etc.).
Secure and standardize workstations
In concrete terms, we work with you to define a substation security base (controlled images, GPO, hardening policies) and on the selection and deployment protection solutions (EDR/XDR, filtering, device control).
We also take care of’integration of these devices into your existing supervision system or in a managed SOC.
The objective is simple: upgrade workstations to a security level in line with CaRE, without blocking clinical activity.
Better detection and response to incidents
We help your teams turn their workstations into real security sensors. This means connecting them to supervision (SIEM, SOC), the definition of relevant detection rules (compromise, abnormal behavior, lateral movements) and the formalization of response procedures adapted to the realities of the field: station isolation, reconstitution, escalation and internal communication.
Provide the proof expected in CaRE
The CaRE program is based on a logic of results but also tangible evidence.
We can help you formalization of technical deliverables (policies, procedures, maps, reports), in the collection of indicators and proof of implementation, as well as in the preparation of elements to be transmitted to the’ANS or ARS in the event of an inspection.
Phishia helps you to from CaRE file to operational reality This means better protected workstations, better detection and handling of incidents, and a CaRE program that can be defended before your supervisory authorities.
You would like to be accompanied by Phisia ?
