CaRE Program – Area 2: Funding for your medical-social institution

Hospitals and healthcare facilities have become prime targets for cyberattacks: ransomware, data theft, blocking of critical services, etc. To respond to this threat, the French government has launched the CaRE – Cybersecurity, Acceleration, and Resilience of Institutions program, a multi-year national plan dedicated to the healthcare and medico-social sector.

Today, the funding application phase is closed for Area 2 – Workstations and Detection. In practical terms, this means that:

  • Institutions that have not applied can no longer join the program in this area,
  • but those that have already submitted an application must now choose their partners and implement their project.

This article is specifically aimed at them.

What is the CaRE program?

The CaRE program aims to strengthen the security and resilience of healthcare institutions against cyber threats, while improving their ability to respond effectively in the event of an attack. Co-led by the Digital Health Delegation (DNS) and the Digital Health Agency (ANS), it is part of the 2023-2027 digital health roadmap.

In concrete terms, CaRE is:

  • a multi-year action plan (2023–2027) with clear objectives,

  • a dedicated national budget for cybersecurity in healthcare facilities,

  • thematic areas of work covering organization, resources, awareness, and operational security.

The objective is twofold: to prevent attacks from succeeding and to enable institutions to recover quickly when they do occur.

Who is it for? Institutions already involved in CaRE

CaRE is aimed at all healthcare establishments, regardless of their status (public, private, ESPIC, CLCC, etc.) and, gradually, at medico-social structures.

For these institutions, the challenge is no longer “how to apply?”, but rather:

How to structure the project, choose the right support partners, and meet CaRE objectives on time?

CaRE Area 2: “Workstation and Detection”—what are we talking about?

Area 2 – Workstations and detection responds to a simple observation: most attacks start on a user workstation (phishing emails, infected attachments, USB drives, outdated browsers, etc.).

The challenge is therefore to transform the workstation—whether clinical or office-based—into a strong link in cybersecurity, rather than a point of entry for attackers.

In concrete terms, projects funded in this area aim in particular to:

Strengthen workstations

  • Standardize system images
  • Establish a secure configuration base (OS, browser, office software)
  • Manage administrator rights and privileged accounts

 

Strengthen protection against malware and ransomware

  • Deploy antivirus/EDR/XDR solutions
  • Better control removable devices and authorized applications
  • Align workstations with ANSSI recommendations and digital health doctrine

 

Structure detection and response

  • Centralize workstation logs (SIEM, internal or managed SOC)
  • Detect suspicious behavior more quickly
  • Define procedures for isolating and remediating compromised workstations

 

Secure everyday use

  • Raise user awareness (phishing, passwords, handling health data)
  • Limit local data storage on workstation disks
  • Better coordinate workstations, backups, and continuity/recovery plans

Current situation: funding has been approved, but has yet to be finalized.

The application window is now closed (since October 31, 2025) for Domain 2. Institutions that have already committed are entering a new phase:

  1. Finalize the scope and schedule of the project
  2. Choose their support partners (integrators, publishers, specialized firms)
  3. Implement the planned actions within the deadlines imposed by CaRE
  4. Produce the deliverables and evidence necessary to justify the use of funds and the achievement of objectives

This is both an operational and strategic phase: each choice (solution, partner, prioritization of projects) will have a direct impact on the actual security of the IS and on the institution’s ability to demonstrate its compliance with the CaRE program—but also, in the future, with NIS2.

How Phishia supports institutions that are already candidates for Domain 2

Phishia, with its Health Edition – Domain 2 Focus on workstation protection, works exclusively with establishments that have already submitted a CaRE application and are now in the key phase: choosing a partner to assist with implementation.
Our role is not to rewrite your application, but to help you meet your CaRE commitments in a pragmatic manner that complies with the national framework.

Translating the CaRE application into real action

Based on your existing application, as well as any comments from the ARS or ANS, we transform the text into a concrete action plan.
We help you clarify the technical and functional objectives of Domain 2, distinguish between what is absolutely necessary for CaRE compliance and what is more of a “bonus,” and then build a realistic roadmap tailored to your resources and organization (GHT, isolated establishment, shared IT system, etc.).

Securing and standardizing workstations

In concrete terms, we work with you to define a security foundation for workstations (controlled images, GPO, hardening policies) and to select and deploy protection solutions (EDR/XDR, filtering, device control).
We also ensure that these measures are integrated into your existing monitoring system or a managed SOC.
The goal is simple: to upgrade your workstations to a level of security in line with CaRE, without blocking business activity.

Better detect and respond to incidents

We help your teams turn workstations into real security sensors. This involves connecting to monitoring tools (SIEM, SOC), defining relevant detection rules (compromise, abnormal behavior, lateral movement), and formalizing response procedures adapted to the reality on the ground: isolation of a workstation, reconstruction, escalation, and internal communication.

Providing the evidence required by CaRE

The CaRE program is based on a results-oriented approach, but also on tangible evidence.
We assist you in formalizing technical deliverables (policies, procedures, maps, reports), collecting indicators and proof of implementation, and preparing the information to be submitted to the ANS or ARS in the event of an audit.

Ultimately, Phishia helps you move from the CaRE file to operational reality: better-protected workstations, better detection and handling of incidents, and a CaRE program that can be defended before your supervisory authorities.

 

Would you like Phishia to assist you?
