Skip to main content

Health-ISAC Hacking Healthcare 2-5-2026

This week, Health-ISAC®‘s Hacking Healthcare® examines a new national cybersecurity strategy published by a leading European state. While the U.S. National Cybersecurity Strategy is lagging behind its originally anticipated early January release date, although we hear it should be released soon, last week, France published their National Cybersecurity Strategy 2026–2030 as part of their National Strategic Review.[i] This week, Hacking Healthcare examines the strategy for policies likely to affect the health sector.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

 

PDF Version:

 

Text Version:

Welcome back to Hacking Healthcare® !

France Releases New National Cybersecurity Strategy 

Overview

On January 29, the General Secretariat for Defence and National Security (SGDSN) published France’s National Cybersecurity Strategy 2026–2030.[i] The strategy is described as “extend[ing] the ambitions of the National Strategic Review” and “set[ting]France’s trajectory to becoming a leading cyber nation.”[ii]

The 36-page document leads with a foreword from French President Emmanuel Macron, who reiterates the increasing criticality of cybersecurity to national security and economic prosperity and briefly highlights values and objectives that are expanded upon in the document as the five pillars on which the strategy is based. The opening of the document emphasizes the importance of the digital domain by saying, “Cybersecurity has become a prerequisite for freedom. A vital requirement. A strategic imperative.”[iii]

The Five Pillars 

Of the 36 pages in the strategy, only about 20 contain substantive language addressing the five pillars that frame it. As such, the document provides a high-level overview more than a comprehensive breakdown of how France plans to operationalize its many objectives. However, there is enough detail in each section to understand the broad direction and approach the Macron administration intends to pursue.

The five pillars are:[iv]

  • Pillar 1 Making France The Largest Pool Of Cyber Talent In Europe: Interestingly, France explicitly identifies the cyber workforce shortage as among its most pressing issues to solve. It even goes so far as to say that France’s ability to develop and attract cybersecurity talent is essential and that “this ambition is the priority focus of this strategy.”[v] The three objectives tied to this pillar are: Develop an inclusive culture of cybersecurity from an early ageInvest in all areas of cybersecurity training; and Support the development of cyber human resources at the European level.
  • Pillar 2 Strengthening The Nation’s Cyber Resilience: Recognizing the increasing risk of cyber threats across all sectors, the strategy calls for “an ambitious plan to raise the overall level of cybersecurity across the entire economic and social fabric…”.[vi] Furthermore, it stresses that their plan will “be based on enhanced synergy between the State, local authorities, businesses, research stakeholders and civil society.”[vii] The three objectives tied to this pillar are: Prepare the nation for crises caused by cyberattacksRaise the overall level of cyber protection for the nation; and Facilitate the path to better cybersecurity.
  • Pillar 3 Halting The Expansion Of Cyber Threats: The growth of cyber threats has not gone unnoticed by France, and this pillar outlines the government’s desire to “mobilise all the levers at its disposal to significantly increase the financial, human and reputational cost for potential adversaries who could harm its economy, the stability of its democracy, or the security of property and people on its territory, and to discourage them from attacking France and its partners.”[viii] The two objectives of this pillar are: Activate all levers to deter cyberattacks; and Mobilize private-sector players in the cyber defence of the nation.
  • Pillar 4 Maintaining Control Over The Security Of Our Digital Foundations: Alluding to the notion of sovereignty that is present in President Macron’s foreword, this pillar outlines France’s ambition to “[control] its technological dependencies and [maintain] its autonomy of judgement and freedom of action in cyberspace.”[ix] The three objectives of this pillar are: Invest in the security of digital technologiesSupport the structuring of a European market for cybersecurity products and services; and Control technological dependencies in the field of digital security.
  • Pillar 5 Supporting The Security And Stability Of Cyberspace In Europe And Internationally: The final pillar recognizes the importance of engaging the broader political and cybersecurity ecosystem to inform intangibles like values and norms alongside more tangible technical and financial assistance. The three objectives that make up this pillar are: Promote an international framework and governance guaranteeing the security and stability of cyberspace; Act as an ally and a cooperative, reliable partner within an international cyber community of interest; and Develop cyber-solidarity capabilities.

More detail on each of these pillars and objectives can be found in the full document, and we encourage you to assess them yourself to better understand their context.

 

Action & Analysis
**Included with Health-ISAC Membership**

[i] https://www.sgdsn.gouv.fr/publications/strategie-nationale-de-cybersecurite-2026-2030

[ii] https://www.sgdsn.gouv.fr/publications/strategie-nationale-de-cybersecurite-2026-2030

[iii] https://www.sgdsn.gouv.fr/files/files/Publications/20260129_SNC%20EN_1.pdf

[iv] https://www.sgdsn.gouv.fr/files/files/Publications/20260129_SNC%20EN_0.pdf

[v] https://www.sgdsn.gouv.fr/files/files/Publications/20260129_SNC%20EN_0.pdf

[vi] https://www.sgdsn.gouv.fr/files/files/Publications/20260129_SNC%20EN_0.pdf

[vii] https://www.sgdsn.gouv.fr/files/files/Publications/20260129_SNC%20EN_0.pdf

[viii] https://www.sgdsn.gouv.fr/files/files/Publications/20260129_SNC%20EN_0.pdf

[ix] https://www.sgdsn.gouv.fr/files/files/Publications/20260129_SNC%20EN_0.pdf

[x] https://www.sgdsn.gouv.fr/files/files/Publications/20250713_NP_SGDSN_RNS2025_EN_0.pdf

[xi] https://digital-strategy.ec.europa.eu/en/library/proposal-regulation-eu-cybersecurity-act

[xii] https://www.sgdsn.gouv.fr/files/files/Publications/20260129_SNC%20EN_0.pdf

[i] https://www.sgdsn.gouv.fr/files/files/Publications/20260129_SNC%20EN_0.pdf

  • Related Resources & News
Health-ISAC reports 55% surge in cyber incidents in 2025
Jordanian initial access broker pleads guilty to helping target 50 companies