The OT Security Gap Behind the French Hospital Attack
On a winter morning in 2024, several hospitals across France were forced into emergency protocols—not because of a natural disaster or hardware failure, but due to a targeted cyberattack. Patient records became inaccessible, imaging systems went offline, and perhaps most concerning of all, critical infrastructure such as ventilation systems, back-up power, and even surgical equipment configurations were either compromised or rendered inoperable. Ambulances were diverted. Operations were cancelled. In a field where every second can mean the difference between life and death, lives were put at risk.
While headlines largely focused on the ransomware involved and the impact on IT systems, the disruption extended deeper into the hospitals’ operational technology (OT)—a layer often neglected in broader cybersecurity strategies. This incident serves as a stark reminder of how vulnerable interconnected systems have become, especially those responsible for delivering essential services.
OT: The Silent Backbone of Critical Services
In modern hospitals, OT encompasses everything from building management systems and intelligent lifts to digital sterilisation units and medical device controllers. These systems are crucial for the safe and effective operation of healthcare facilities, yet they are rarely treated with the same level of cybersecurity attention as IT systems.
The design priorities for OT are typically availability and reliability. Security, particularly from external threats, was never the original focus—largely because many of these systems were not initially connected to external networks. However, as digital transformation progresses, connectivity has been introduced to improve efficiency, enable remote diagnostics, or support predictive maintenance. Unfortunately, this has opened new attack surfaces, often without the protections we now consider standard in IT.
The French hospital attack reveals the consequences of this security gap. The malware may have entered via a compromised email or software update on the IT side, but the most tangible damage came from how easily it could affect operational systems once inside.
A Broader Industry Problem
What happened in France is not limited to healthcare. Rail operators rely on OT to manage track switching and signalling. Power stations use OT to monitor grid loads and respond to demand fluctuations. Even food production facilities depend on OT to regulate temperature, pressure, and processing lines.
In each of these sectors, the OT environment is increasingly becoming the weakest link—not because it’s inherently flawed, but because it’s lagging behind in adopting modern cybersecurity measures. Most attacks don’t need to break the systems themselves; they simply exploit poor access controls, weak segmentation, and the assumption that a physical environment equals a secure one.
The result? A growing list of high-impact cyber incidents in critical infrastructure, often enabled not by sophisticated hacking, but by outdated or insufficient authentication mechanisms.
Shifting the Focus: Identity over Perimeter
The lesson from the French hospital incident—and many others—is clear: protecting critical infrastructure requires more than firewalls and antivirus software. We need to move towards identity-centred security, particularly in OT environments where network segmentation or full-time connectivity cannot be guaranteed.
Strong identity-based access control ensures that even if attackers breach the perimeter, they cannot easily execute commands or manipulate systems. This is especially important in scenarios where traditional defences are either impractical or ineffective due to the nature of OT devices.
At swIDch, our work in OT security has focused on enabling this shift. By developing solutions that generate dynamic, one-time authentication codes without requiring a constant network connection, we help ensure that only legitimate users or systems can access or control OT environments—even under compromised conditions.
This isn’t about layering more complexity. It’s about making authentication native to the way OT systems operate—resilient, independent, and secure by design.
A Wake-Up Call
The French hospital cyberattack is not an isolated event—it’s a warning. For too long, OT environments have been treated as an afterthought in cybersecurity planning. But as systems grow more interconnected and threats more opportunistic, the consequences of inaction are becoming clearer.
Critical infrastructure—whether in healthcare, energy, manufacturing or transport—can no longer afford to delay securing the systems that keep operations running. That means assessing how access is granted, identifying legacy vulnerabilities, and adopting solutions that prioritise trust at the source.
Because when digital systems fail, physical systems often follow. And when those systems deliver essential services, the cost of failure is measured not just in downtime, but in real human impact.