Cybersecurity awareness in the healthcare sector

21 May 2026
#Cybersecurity
  • Share this post :
Cybersecurity Culture
Apssis Cybersécurité 1
Know more about cybersecurity

Moving beyond ‘combat sports’ to build a collective culture

At the SantExpo 2026 conference, Evolucare took part in the APSSIS cybersecurity expert track, an immersive format bringing together key industry players to discuss critical issues: crisis management, technology, awareness-raising and the regulatory framework. At the Evolucare stand R46, Lauranne Peyron, the Group’s CISO and DPO, gave a talk with the evocative title:
“IS security awareness a combat sport?”

Behind this deliberately provocative question lies a powerful message: we need to rethink cybersecurity in the workplace—and particularly in the healthcare sector—as a collective endeavour based on listening, trust and supporting users.

Cybersecurity in healthcare: a human issue above all else

With cyberattacks targeting healthcare organisations on the rise, staff awareness has become a regulatory and operational requirement. Standards such as ISO 27001, the Ségur Digital Health Plan and HDS certification explicitly require appropriate training and awareness-raising initiatives.

But beyond the legal requirements, one thing is clear: the human factor is now at the heart of cybersecurity.

Numerous studies cited in the presentation show that:

  • The majority of incidents are caused by risky behaviour;
  • up to 74% of incidents could be prevented with appropriate training.

In this context, the issue is no longer merely technical. It becomes cultural, organisational and profoundly human.

Moving beyond the myth of the CISO ‘in battle’

Security awareness is often described as a battle: the CISO pitted against employees who are perceived as careless or resistant.

  • Lauranne Peyron
    If the CISO is at loggerheads with her colleagues, she’ll be exhausted by the time the attackers arrive.
    Lauranne Peyron
    CISO – DPO Evolucare

At Evolucare, employees are not viewed as a risk to be mitigated, but as key contributors to safety. Their primary objective remains to create value for the company and for clients in the healthcare sector.

Apssis Cybersécurité 2

In this context, security should not be a hindrance, but a catalyst for business operations.

This approach is fully in line with the Group’s values — respect, commitment and excellence — and with its mission to build a secure, high-performing digital healthcare system centred on the patient-citizen.

1- Listen first, then raise awareness: a practical approach

The first pillar of the approach championed by Evolucare is active listening.

Rather than imposing top-down rules, Lauranne Peyron favours a hands-on approach:

  • regular visits to branches,
  • direct communication with teams,
  • availability via collaborative tools.

Objectif : comprendre les contraintes réelles des métiers.

Because cybersecurity can only be effective if it is tailored to actual usage. A measure perceived as out of touch with reality will be circumvented or even rejected.

This non-judgemental approach is essential. It enables us to:

  • build trust,
  • identify the real risks,
  • work together to develop solutions that strike a balance between security and operational efficiency.

2- Raising awareness means supporting change

Second pillar: viewing cybersecurity as a change management process.

Implementing a security measure, amending a procedure or introducing a new rule involves:

  • to change habits,
  • to persuade,
  • to repeat.

At Evolucare, this approach is underpinned by a multi-channel communication strategy:

  • quarterly webinars on current topics (incidents, regulations, tools),
  • internal newsletters,
  • broadcasts via the internal TV channel,
  • monthly cyber security intelligence bulletin.

This strategy ensures that all employees are reached, regardless of their role or location.

It also addresses a key challenge: embedding cybersecurity within the corporate culture.

3- Measuring for progress: a culture of continuous improvement

Third pillar: assessing the effectiveness of awareness-raising initiatives.

Evolucare has introduced short monthly quizzes (‘5 minutes – 5 questions’) designed to:

  • test knowledge,
  • identify areas for improvement,
  • maintain a consistent level of attention.

The result: an average correct answer rate of 75%.

But beyond performance, the philosophy is clear: mistakes are a catalyst for learning.

Each quiz is accompanied by immediate feedback, turning every incorrect answer into a learning opportunity.

This approach to continuous improvement reflects the Group’s quality commitments and its certifications (ISO 9001, ISO 27001, HDS).

A cross-functional organisation dedicated to safety

Cybersecurity at Evolucare is based on collaborative governance.

Lauranne Peyron works in close coordination with:

  • IT teams (change management security),
  • R&D (product security),
  • Operations (customer data protection),
  • Sales teams (pre-sales and responding to customer requirements),
  • the Communications team (raising awareness and disseminating messages).
Apssis Cybersécurité 3

A dedicated task force, set up in 2023 as part of the ISO 27001 certification process, ensures:

  • feeding back issues from the field,
  • sharing best practices,
  • anticipating risks.

This cross-functional approach illustrates a key principle: cybersecurity is everyone’s responsibility.

Training for protection: the employee as the last line of defence

At the heart of this strategy lies a fundamental message: Awareness is not about correcting mistakes, but about providing the tools to understand the risks.

In an environment where attacks are constantly evolving, employees become:

  • early warning sensors,
  • information relays,
  • resilience stakeholders.

They are the organisation’s last line of defence.

A vision aligned with the Pact4all

This approach is fully in line with Evolucare’s #Pact4all initiative, which aims to:

  • to make professionals’ work easier,
  • to ensure continuity of care,
  • to build a safer and more efficient healthcare system.

By strengthening the teams’ cybersecurity culture, Evolucare makes a direct contribution to:

  • protect health data,
  • secure patient care pathways,
  • ensure the trust of healthcare providers and patients.

SantExpo 2026: a key event for sharing best practice

The APSSIS cybersecurity expert course, taking place on 19 May 2026, offers a unique opportunity for professionals in the sector:

  • to exchange views with experts,
  • to hear about real-world experiences,
  • to refine their strategies for dealing with threats.

Evolucare’s participation in this event demonstrates its commitment to:

  • to promote a more people-centred and collaborative approach to cybersecurity.
  • to share its expertise,
  • to help the sector mature,

A firm belief: cybersecurity is a culture, not a constraint

In conclusion, Lauranne Peyron’s vision challenges conventional wisdom: cybersecurity is not an internal battle.
It is a collective endeavour, based on trust, listening and human intelligence.

Users aren’t the problem. They’re part of the solution. Lauranne Peyron, CISO – DPO Evolucare

An approach that fully reflects Evolucare’s DNA: putting technology at the service of people, to build a healthcare system that is safer, more efficient and more inclusive.