Health : preventing cyber threats through privileged access control to ensure care continuity and patient data security

The "Zero Downtime" Challenge

The healthcare sector is one of the most targeted by cybercriminals, with life-critical stakes:

• Vital criticality: IS unavailability can directly compromise patient care, particularly through access to the Electronic Patient Record (EPR).
• Threatened care continuity: A cyberattack can rapidly paralyze hospital systems, disrupting appointments, medical records, and connected equipment.
• Proliferation of third-party access: The many providers working on biomedical equipment and business software significantly expand the attack surface.
• Sensitive data and equipment: Medical data, highly valued by cybercriminals, along with critical equipment (MRI scanners, ventilators…) represent high-impact targets.
• Increased regulatory pressure: NIS2 imposes strict requirements for protection, traceability, and incident notification.
• Biomedical vulnerability: Many devices run on legacy systems that are difficult to update, making them particularly exposed.

• Simplified network flow isolation: The provider never directly touches the internal network. Every connection passes through the bastion, which acts as a security gateway between the external operator and the facility's critical systems, applying granular access control across IS resources.
• Session video recording (indexing): In the event of a configuration error on a patient database, the CISO can replay the session to identify the exact origin of the issue and resolve it as quickly as possible.
• Reduced downtime: By providing full visibility into IS interventions, the bastion enables faster incident diagnosis and accelerated resolution, a decisive advantage when every minute of downtime can impact patient care.
• Least privilege enforcement: By applying the principle of least privilege, the bastion ensures that each operator only accesses the systems strictly necessary for their mission, preserving patient data confidentiality and significantly reducing the risk of data leakage.
• Comprehensive intervention traceability: All actions performed on the IS are recorded and timestamped, creating a reliable audit trail, both to meet regulatory requirements (NIS2, GDPR…) and to provide evidence in the event of an incident.

• Sensitive data protection: Access management and full traceability of actions performed on the IS, you know who accessed which record or device, when, and what they did.
• Built-in compliance: PROVE IT facilitates compliance with NIS2 and GDPR through reliable, timestamped audit logs that are immediately usable during audits or incidents.
• Isolation of access to critical systems: Medical equipment (MRI scanners, ventilators) is protected by granular access policies, a provider only accesses the resources strictly required for their intervention.
• Third-party access control: The provider connects to the PROVE IT web portal without ever seeing the network directory. Access is temporary, supervised, and recorded. Credentials are injected transparently. No more shared accounts like "admin_biomed".
• Session video recording: In the event of an incident, the CISO can quickly identify the action that caused the issue through session video recording.
• Real-time alerts: Alerts can be configured to detect suspicious behavior.

How PROVE IT has addressed our clients' challenges in the healthcare sector

What were their needs?

• Strengthen overall IS security in response to the surge in cyberattacks targeting the hospital sector.
• Centralize provider access : require all external operators to go through the bastion to access the hospital's critical resources.
• Secure privileged accounts : password masking through the credential vault, preventing providers from knowing infrastructure secrets.
• Audit and video recording : use session recording to have visual proof of interventions in the event of an incident or handling error.

Benefits observed following PROVE IT deployment:

"With Rubycat's PROVE IT administration bastion, we have above all gained peace of mind. We know exactly who is connecting, we control access, and most importantly, we no longer share our server passwords with providers." - Jean-Philippe Estenne, IT Manager, CH de Thuir

• Total flow control: The facility now knows precisely "who does what, when, and on which resource."
• Ease of administration: A lightweight solution, easy to install and maintain, requiring no heavy infrastructure.
• Rapid incident resolution: In the event of a malfunction following an intervention, session playback immediately clarifies the origin of the issue.
• Meeting healthcare requirements: A technology component that contributes to securing health data and achieving regulatory compliance.

What were their needs?

• Automate external access : secure all remote maintenance connections without daily manual intervention.
• Real-time notifications : be immediately informed when an intervention session opens and closes.
• Supervision and traceability : ability to monitor or terminate a live connection, and to review sessions after the fact for audit purposes.
• Budget control : opt for an ANSSI-certified (CSPN) solution at a price considered accessible for the organization.

PROVE IT deployment: concrete results

"All external user connections are secured; we are immediately notified of new connections, and we are also alerted when an intervention is complete. For us, this is an undeniable gain in time, efficiency, and peace of mind." -Dimitri Martinescu, CIO/CISO, Fondation Bon Sauveur de Bégard

• Time and efficiency gains : Elimination of repetitive manual tasks for managing provider authorizations.
• Operational peace of mind : The assurance that all access is traced and that the team is notified of every IS activity.
• Fast onboarding : "Installation and onboarding were very quick," confirmed by a successful prior proof of concept (POC).
• A trusted solution : "The cherry on top: the solution is Breton-made and certified with the CSPN Security Visa by ANSSI."