{"id":3858,"date":"2025-11-25T16:20:54","date_gmt":"2025-11-25T16:20:54","guid":{"rendered":"https:\/\/phishia.fr\/?p=3858"},"modified":"2025-12-02T08:24:57","modified_gmt":"2025-12-02T08:24:57","slug":"pca-pra-in-etablissements-medico-sociaux-transforming-crisis-into-controlled-incident","status":"publish","type":"post","link":"https:\/\/phishia.fr\/en\/blog\/incident-response\/pca-pra-in-etablissements-medico-sociaux-transforming-crisis-into-controlled-incident\/","title":{"rendered":"PCA \/ PRA in medico-social establishments: transforming a crisis into a controlled incident"},"content":{"rendered":"
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Cyberattack, major computer breakdown, fire, flood, staff shortage...
In a hospital or health association,\u00a0every business interruption has a direct impact on patient and user safety<\/strong>.<\/p>

This is precisely what the\u00a0PCA<\/strong>\u00a0(Business Continuity Plan) and the\u00a0PRA<\/strong>\u00a0(Business Resumption Plan): to enable the structure to\u00a0continued care and support<\/strong>, even in the event of a serious crisis.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

1. BCP \/ DRP: what exactly are we talking about?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
PCA: steering through the storm<\/strong><\/h5>

A\u00a0Business Continuity Plan (BCP)<\/strong>\u00a0is a\u00a0strategy paper<\/strong>\u00a0which describes how a plant maintains its essential missions during a major crisis (cyber attack, power failure, flood, pandemic, etc.).<\/p>

The aim is to identify vital activities<\/strong> (emergency, accommodation, pharmacy, patient records, payroll, etc.) and to plan for emergency resources<\/strong> (premises, IS, paper procedures, human resources, etc.).<\/p>

In healthcare, the BCP\u00a0is not limited to IT, <\/strong>and can be integrated into the white plan to cover human resources, buildings, suppliers, logistics, etc.<\/p>

PRA: restarting after the shock<\/strong><\/h5>

Visit\u00a0Disaster Recovery Plan (DRP)<\/strong>\u00a0completes the BCP: it describes\u00a0how to restart what has been stopped<\/strong>, particularly information systems.<\/p>

As the CNIL reminds us, disaster recovery encompasses all the actions required to restart a system that has been shut down following an incident.<\/p>

In concrete terms, the PRA specifies, for example:<\/p>

  • in which order to restart applications (patient record, imaging, HR, etc.),<\/li>
  • from which backups,<\/li>
  • with which target times (RTO, RPO),<\/li><\/ul>
    \u00a0<\/div>

    In the public sector, as in the healthcare sector, national guidelines recommend that we think in terms of\u00a0BCP + DRP together<\/strong>, sometimes in the form of a\u00a0PCRA<\/strong>\u00a0(Business Continuity and Recovery Plan).<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    2. Why is this crucial for hospitals and healthcare associations?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t
    Continuity of care and protection of vulnerable persons<\/strong><\/h5>\n

    A well-designed BCP\/ERP primarily serves to ensuring continuity of care and support<\/strong>, even in the midst of a crisis. For a hospital or healthcare association, this means keeping disruptions to a minimum: avoiding the closure of entire departments, maintaining surveillance of fragile patients, guaranteeing the distribution of treatments, and preserving the welcome and safety of residents.<\/p>\n

    Very real threats, especially cyber<\/strong><\/h5>\n

    Today, a cyber attack can paralyze an entire hospital IS<\/strong> and expose sensitive health data.
    Without BCP\/ERP, teams find themselves without clear instructions, decisions are taken in a hurry, and the risk of medical errors, loss of information or organizational chaos explodes.<\/p>\n

    With a BCP\/ERP that has been worked out in advance, teams have a complete ready-to-play scenario<\/strong> who does what, with what tools, in what order. Feedback shows that :<\/p>\n

      \n
    • \n

      patients benefit from improved continuity of care,<\/p>\n<\/li>\n

    • \n

      data is better protected thanks to proven backup and restore procedures,<\/p>\n<\/li>\n

    • \n

      staff know what to do, reducing stress and mistakes in the middle of a crisis.<\/p>\n<\/li>\n<\/ul>\n

      A clear expectation from the authorities<\/strong><\/h5>\n

      Authorities (ANS, ANSSI, ARS) are now requesting Formalized BCP and DRP<\/strong>, These include the \u00abbusiness continuity and recovery strategy\u00bb function in cybersecurity programs such as CaRE.<\/p>\n

      Clearly: for a healthcare establishment, not having robust BCP\/ERP is no longer an option<\/strong> - this is a prerequisite for protecting patients, teams and data.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

      \n\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t

      3. How to set up a BCP \/ DRP in a medical-social establishment?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
      \n\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t
      Step 1 - Setting up governance and sponsorship<\/b><\/h5>

      A BCP\/RAP cannot be \u201can IT document\u201d. It must be supported by management<\/strong> and co-constructed with the professions.
      In concrete terms, we identify a sponsor<\/strong> (general management or management of the association), we set up a PCA\/PRA committee<\/strong> bringing together the CIO, care management, medical management, quality\/risk management, logistics, HR, CISO, etc., and appointing a project manager<\/strong> clear.
      This framework makes it possible to arbitrate priorities, budgets and technical choices without getting stuck.<\/p>

      Step 2 - Identify vital activities (impact analysis)<\/b><\/h5>

      The aim is to answer two simple questions:
      What activities should never stop?<\/strong> (emergency, operating room, protected unit, on-call duty, medical hotline, etc.)
      With what minimum service level and acceptable downtime?<\/strong><\/p>

      For this purpose, a impact analysis (BIA)<\/strong> These include mapping essential processes, identifying dependencies (applications, premises, service providers, key personnel) and defining recovery objectives (RTO\/RPO). This provides the compass for the BCP\/RBP.<\/p>

      Step 3 - Working on crisis scenarios<\/b><\/h5>

      The ANS PCA\/PRA kit recommends covering at least four main scenarios<\/strong> :
      unavailability of human resources (mass absenteeism, strike, pandemic), buildings (fire, flood, technical disaster), suppliers (medicines, catering, telephony...), and of course the information system<\/strong>(cyber attack, major breakdown).<\/p>

      For each scenario, we describe the concrete impacts on vital activities: what becomes impossible, what absolutely must be maintained, and at what level. This allows us to move beyond generalities and into the real world.<\/p>

      Step 4 - Building the BCP: how to keep on working?<\/b><\/h5>

      The BCP answers a simple question: \u201cHow do you keep working when everything's going wrong?\u201d<\/strong>
      We're looking for continuity solutions realistic<\/strong>, These include the transfer of certain services to another site, paper-based procedures for prescribing and traceability when the HIS is unavailable, staff reinforcement or redeployment plans, safety stocks (drugs, consumables, equipment), and emergency communication resources (back-up telephony, walkie-talkies, secure external messaging, etc.).<\/p>

      These choices have been compiled in a clear plan<\/strong>, with short reflex cards for each department, up-to-date lists of contacts and emergency numbers, and a crisis management diagram<\/strong> (crisis unit, roles, frequency of meetings, key decisions).<\/p>

      Step 5 - Building the DRP: how to restart cleanly?<\/b><\/h5>

      The PRA section focuses on information systems recovery<\/strong> : which applications should be restarted first, when, from which backups, and with what precautions to avoid damage. re-infect<\/strong> the IS after a cyberattack.<\/p>

      We define a backup actually tested<\/strong>, The aim is to avoid the \u201cwe thought it worked\u201d situation when everything comes to a standstill. The idea is to avoid the \"we thought it worked\" situation when everything comes to a standstill.<\/p>

      Step 6 - Test, train, improve<\/b><\/h5>

      A BCP\/PRA sleeping in a filing cabinet protects no one. Cybersecurity authorities recommend test regularly<\/strong> plans, in particular through crisis management exercises based on cyber scenarios.<\/p>

      In practice, this involves \u201ctable-top\u201d exercises (around a table, on a fictitious scenario), technical tests of changeover\/restoration, and then systematic feedback to the customer. improve<\/strong> the system. Updating the BCP\/ERP at least once a year keeps it in line with reality on the ground.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

      \n\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t

      4. Phishia expertise: a BCP\/ERP anchored in the cyber reality of the healthcare sector<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
      \n\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t

      At Phishia<\/strong>, We provide day-to-day support to hospitals, GHTs and healthcare associations in the following areas operational cybersecurity<\/strong> and the resilience to attack<\/strong> (ransomware, account compromise, targeted phishing, etc.).<\/p>

      Our strength: link your BCP\/ERP to your actual digital risks in concrete terms<\/strong>, rather than producing yet another theoretical document.<\/p>

      What we do for you<\/b><\/h5>

      • PCA\/PRA & cyber flash diagnostics<\/strong>
        Review of your plans, procedures, safeguards and crisis organization, identification of deviations from ANS\/ANSSI recommendations and the CaRE program, rapid mapping of critical activities and their digital dependencies.<\/p><\/li>

      • Co-construction of BCP\/ERP with your teams<\/strong>
        Workshops with caregivers, management and support functions, development of realistic scenarios (cyberattack blocking the HIS, loss of a site, failure of a key supplier, etc.), drafting of simple reflex cards<\/strong>, for use in stressful situations.<\/p><\/li>

      • Integration with your existing cyber security<\/strong>
        Align the DRP with your backup, network segmentation, workstation hardening and supervision strategies, and integrate the plans into your cyber crisis management system (SOC, CISO, incident response providers).<\/p><\/li>

      • Tests & long-term ramp-up<\/strong>
        Organization of crisis drills (table-top exercises, cyber-attack simulations), assistance with periodic plan updates, team awareness-raising via simulated phishing campaigns and educational modules.<\/p><\/li><\/ul>

        The goal: on the day the crisis hits, your teams don't just discover the procedures... they apply them.<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

        \n\t\t\t\t\t
        \n\t\t\t\t
        \n\t\t\t\t
        \n\t\t\t\t\t

        5. What about your BCP \/ DRP?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
        \n\t\t\t\t\t
        \n\t\t\t\t
        \n\t\t\t\t
        \n\t\t\t\t\t\t\t\t\t

        Whether you're starting from scratch or want to update an aging BCP\/ERP<\/strong>, now's the time to :<\/p>\n

          \n
        • check that your plans cover current risks (cyber, shortages, health crises),<\/li>\n
        • return them concrete and usable<\/strong> by your teams,<\/li>\n
        • and align them with the requirements of the French authorities.<\/li>\n<\/ul>\n

             Would you like an outside perspective on your BCP\/RAP, or would you like to build an approach tailored to your hospital or healthcare association?<\/strong><\/p>\n

          We can discuss this with you in a no-obligation meeting, to understand your challenges and offer you customized support.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"

          Cyber-attack, major computer breakdown, fire, flood, staff shortage... In a hospital or healthcare association, every interruption of activity has a direct impact on the safety of patients and users. This is precisely the purpose of the BCP (Business Continuity Plan) and BRP (Business Resumption Plan): to enable the organization to continue providing care and support, [...].<\/p>","protected":false},"author":3,"featured_media":3900,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[25],"tags":[28],"class_list":["post-3858","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-reponse-aux-incidents","tag-sante"],"acf":[],"yoast_head":"\nPCA \/ PRA dans les \u00e9tablissements m\u00e9dico-sociaux : transformer la crise en incident ma\u00eetris\u00e9 - Phishia<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/phishia.fr\/en\/blog\/incident-response\/pca-pra-in-etablissements-medico-sociaux-transforming-crisis-into-controlled-incident\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"PCA \/ PRA dans les \u00e9tablissements m\u00e9dico-sociaux : transformer la crise en incident ma\u00eetris\u00e9 - Phishia\" \/>\n<meta property=\"og:description\" content=\"Cyberattaque, panne informatique majeure, incendie, inondation, p\u00e9nurie de personnel\u2026Dans un h\u00f4pital ou une association de sant\u00e9,\u00a0chaque interruption d\u2019activit\u00e9 a un impact direct sur la s\u00e9curit\u00e9 des patients et des usagers. C\u2019est pr\u00e9cis\u00e9ment \u00e0 cela que servent le\u00a0PCA\u00a0(Plan de Continuit\u00e9 d\u2019Activit\u00e9) et le\u00a0PRA\u00a0(Plan de Reprise d\u2019Activit\u00e9) : permettre \u00e0 la structure de\u00a0continuer \u00e0 soigner et accompagner, […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/phishia.fr\/en\/blog\/incident-response\/pca-pra-in-etablissements-medico-sociaux-transforming-crisis-into-controlled-incident\/\" \/>\n<meta property=\"og:site_name\" content=\"Phishia\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-25T16:20:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-02T08:24:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/Blog-PRA-PCA.png\" \/>\n\t<meta property=\"og:image:width\" content=\"632\" \/>\n\t<meta property=\"og:image:height\" content=\"315\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/reponse-aux-incidents\\\/pca-pra-dans-les-etablissements-medico-sociaux-transformer-la-crise-en-incident-maitrise\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/reponse-aux-incidents\\\/pca-pra-dans-les-etablissements-medico-sociaux-transformer-la-crise-en-incident-maitrise\\\/\"},\"author\":{\"name\":\"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/#\\\/schema\\\/person\\\/ab1f38ad06f750da69863e8f06e86528\"},\"headline\":\"PCA \\\/ PRA dans les \u00e9tablissements m\u00e9dico-sociaux : transformer la crise en incident ma\u00eetris\u00e9\",\"datePublished\":\"2025-11-25T16:20:54+00:00\",\"dateModified\":\"2025-12-02T08:24:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/reponse-aux-incidents\\\/pca-pra-dans-les-etablissements-medico-sociaux-transformer-la-crise-en-incident-maitrise\\\/\"},\"wordCount\":1682,\"publisher\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/reponse-aux-incidents\\\/pca-pra-dans-les-etablissements-medico-sociaux-transformer-la-crise-en-incident-maitrise\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/phishia.fr\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/Blog-PRA-PCA.png\",\"keywords\":[\"Sant\u00e9\"],\"articleSection\":[\"R\u00e9ponse aux incidents\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/reponse-aux-incidents\\\/pca-pra-dans-les-etablissements-medico-sociaux-transformer-la-crise-en-incident-maitrise\\\/\",\"url\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/reponse-aux-incidents\\\/pca-pra-dans-les-etablissements-medico-sociaux-transformer-la-crise-en-incident-maitrise\\\/\",\"name\":\"PCA \\\/ PRA dans les \u00e9tablissements m\u00e9dico-sociaux : transformer la crise en incident ma\u00eetris\u00e9 - Phishia\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/reponse-aux-incidents\\\/pca-pra-dans-les-etablissements-medico-sociaux-transformer-la-crise-en-incident-maitrise\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/reponse-aux-incidents\\\/pca-pra-dans-les-etablissements-medico-sociaux-transformer-la-crise-en-incident-maitrise\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/phishia.fr\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/Blog-PRA-PCA.png\",\"datePublished\":\"2025-11-25T16:20:54+00:00\",\"dateModified\":\"2025-12-02T08:24:57+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/reponse-aux-incidents\\\/pca-pra-dans-les-etablissements-medico-sociaux-transformer-la-crise-en-incident-maitrise\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/phishia.fr\\\/blog\\\/reponse-aux-incidents\\\/pca-pra-dans-les-etablissements-medico-sociaux-transformer-la-crise-en-incident-maitrise\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/reponse-aux-incidents\\\/pca-pra-dans-les-etablissements-medico-sociaux-transformer-la-crise-en-incident-maitrise\\\/#primaryimage\",\"url\":\"https:\\\/\\\/phishia.fr\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/Blog-PRA-PCA.png\",\"contentUrl\":\"https:\\\/\\\/phishia.fr\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/Blog-PRA-PCA.png\",\"width\":632,\"height\":315},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/reponse-aux-incidents\\\/pca-pra-dans-les-etablissements-medico-sociaux-transformer-la-crise-en-incident-maitrise\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/phishia.fr\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"R\u00e9ponse aux incidents\",\"item\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/category\\\/reponse-aux-incidents\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"PCA \\\/ PRA dans les \u00e9tablissements m\u00e9dico-sociaux : transformer la crise en incident ma\u00eetris\u00e9\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/#website\",\"url\":\"https:\\\/\\\/phishia.fr\\\/\",\"name\":\"Phishia\",\"description\":\"Cabinet de Conseil IT, Cybers\u00e9curit\u00e9, Durabilit\u00e9\",\"publisher\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/phishia.fr\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/#organization\",\"name\":\"Phishia\",\"url\":\"https:\\\/\\\/phishia.fr\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/phishia.fr\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/Logotype.png\",\"contentUrl\":\"https:\\\/\\\/phishia.fr\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/Logotype.png\",\"width\":512,\"height\":128,\"caption\":\"Phishia\"},\"image\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/phishia\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/#\\\/schema\\\/person\\\/ab1f38ad06f750da69863e8f06e86528\",\"name\":\"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"PCA \/ PRA in medico-social establishments: transforming a crisis into a controlled incident - Phishia","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/phishia.fr\/en\/blog\/incident-response\/pca-pra-in-etablissements-medico-sociaux-transforming-crisis-into-controlled-incident\/","og_locale":"en_US","og_type":"article","og_title":"PCA \/ PRA dans les \u00e9tablissements m\u00e9dico-sociaux : transformer la crise en incident ma\u00eetris\u00e9 - Phishia","og_description":"Cyberattaque, panne informatique majeure, incendie, inondation, p\u00e9nurie de personnel\u2026Dans un h\u00f4pital ou une association de sant\u00e9,\u00a0chaque interruption d\u2019activit\u00e9 a un impact direct sur la s\u00e9curit\u00e9 des patients et des usagers. C\u2019est pr\u00e9cis\u00e9ment \u00e0 cela que servent le\u00a0PCA\u00a0(Plan de Continuit\u00e9 d\u2019Activit\u00e9) et le\u00a0PRA\u00a0(Plan de Reprise d\u2019Activit\u00e9) : permettre \u00e0 la structure de\u00a0continuer \u00e0 soigner et accompagner, […]","og_url":"https:\/\/phishia.fr\/en\/blog\/incident-response\/pca-pra-in-etablissements-medico-sociaux-transforming-crisis-into-controlled-incident\/","og_site_name":"Phishia","article_published_time":"2025-11-25T16:20:54+00:00","article_modified_time":"2025-12-02T08:24:57+00:00","og_image":[{"width":632,"height":315,"url":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/Blog-PRA-PCA.png","type":"image\/png"}],"author":"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/phishia.fr\/blog\/reponse-aux-incidents\/pca-pra-dans-les-etablissements-medico-sociaux-transformer-la-crise-en-incident-maitrise\/#article","isPartOf":{"@id":"https:\/\/phishia.fr\/blog\/reponse-aux-incidents\/pca-pra-dans-les-etablissements-medico-sociaux-transformer-la-crise-en-incident-maitrise\/"},"author":{"name":"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9","@id":"https:\/\/phishia.fr\/#\/schema\/person\/ab1f38ad06f750da69863e8f06e86528"},"headline":"PCA \/ PRA dans les \u00e9tablissements m\u00e9dico-sociaux : transformer la crise en incident ma\u00eetris\u00e9","datePublished":"2025-11-25T16:20:54+00:00","dateModified":"2025-12-02T08:24:57+00:00","mainEntityOfPage":{"@id":"https:\/\/phishia.fr\/blog\/reponse-aux-incidents\/pca-pra-dans-les-etablissements-medico-sociaux-transformer-la-crise-en-incident-maitrise\/"},"wordCount":1682,"publisher":{"@id":"https:\/\/phishia.fr\/#organization"},"image":{"@id":"https:\/\/phishia.fr\/blog\/reponse-aux-incidents\/pca-pra-dans-les-etablissements-medico-sociaux-transformer-la-crise-en-incident-maitrise\/#primaryimage"},"thumbnailUrl":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/Blog-PRA-PCA.png","keywords":["Sant\u00e9"],"articleSection":["R\u00e9ponse aux incidents"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/phishia.fr\/blog\/reponse-aux-incidents\/pca-pra-dans-les-etablissements-medico-sociaux-transformer-la-crise-en-incident-maitrise\/","url":"https:\/\/phishia.fr\/blog\/reponse-aux-incidents\/pca-pra-dans-les-etablissements-medico-sociaux-transformer-la-crise-en-incident-maitrise\/","name":"PCA \/ PRA in medico-social establishments: transforming a crisis into a controlled incident - Phishia","isPartOf":{"@id":"https:\/\/phishia.fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/phishia.fr\/blog\/reponse-aux-incidents\/pca-pra-dans-les-etablissements-medico-sociaux-transformer-la-crise-en-incident-maitrise\/#primaryimage"},"image":{"@id":"https:\/\/phishia.fr\/blog\/reponse-aux-incidents\/pca-pra-dans-les-etablissements-medico-sociaux-transformer-la-crise-en-incident-maitrise\/#primaryimage"},"thumbnailUrl":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/Blog-PRA-PCA.png","datePublished":"2025-11-25T16:20:54+00:00","dateModified":"2025-12-02T08:24:57+00:00","breadcrumb":{"@id":"https:\/\/phishia.fr\/blog\/reponse-aux-incidents\/pca-pra-dans-les-etablissements-medico-sociaux-transformer-la-crise-en-incident-maitrise\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/phishia.fr\/blog\/reponse-aux-incidents\/pca-pra-dans-les-etablissements-medico-sociaux-transformer-la-crise-en-incident-maitrise\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/phishia.fr\/blog\/reponse-aux-incidents\/pca-pra-dans-les-etablissements-medico-sociaux-transformer-la-crise-en-incident-maitrise\/#primaryimage","url":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/Blog-PRA-PCA.png","contentUrl":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/Blog-PRA-PCA.png","width":632,"height":315},{"@type":"BreadcrumbList","@id":"https:\/\/phishia.fr\/blog\/reponse-aux-incidents\/pca-pra-dans-les-etablissements-medico-sociaux-transformer-la-crise-en-incident-maitrise\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/phishia.fr\/"},{"@type":"ListItem","position":2,"name":"R\u00e9ponse aux incidents","item":"https:\/\/phishia.fr\/blog\/category\/reponse-aux-incidents\/"},{"@type":"ListItem","position":3,"name":"PCA \/ PRA dans les \u00e9tablissements m\u00e9dico-sociaux : transformer la crise en incident ma\u00eetris\u00e9"}]},{"@type":"WebSite","@id":"https:\/\/phishia.fr\/#website","url":"https:\/\/phishia.fr\/","name":"Phishia","description":"IT Consulting, Cybersecurity, Sustainability","publisher":{"@id":"https:\/\/phishia.fr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/phishia.fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/phishia.fr\/#organization","name":"Phishia","url":"https:\/\/phishia.fr\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/phishia.fr\/#\/schema\/logo\/image\/","url":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/01\/Logotype.png","contentUrl":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/01\/Logotype.png","width":512,"height":128,"caption":"Phishia"},"image":{"@id":"https:\/\/phishia.fr\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/phishia\/"]},{"@type":"Person","@id":"https:\/\/phishia.fr\/#\/schema\/person\/ab1f38ad06f750da69863e8f06e86528","name":"Enzo Debosque, Junior CyberSecurity Consultant"}]}},"_links":{"self":[{"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/posts\/3858","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/comments?post=3858"}],"version-history":[{"count":13,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/posts\/3858\/revisions"}],"predecessor-version":[{"id":3998,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/posts\/3858\/revisions\/3998"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/media\/3900"}],"wp:attachment":[{"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/media?parent=3858"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/categories?post=3858"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/tags?post=3858"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}