Doctolib gives the keys to Atos

On Wednesday, May 25, Atos and Doctolib presented to the press the main lines of their collaboration on protecting the French scale-up's data. It was also an opportunity to return to the recent Radio France investigation into the limits of end-to-end encryption of appointment-booking data on Doctolib.

The digitization of the healthcare sector is advancing rapidly. So are the attacks, and their sophistication. This is the observation made by Jean-Baptiste Voron, chief technology officer for cybersecurity at Atos: “Health is increasingly attacked by exploiting the new functionalities of the sector. There is a strong attraction for the monetization of data”, with that data changing hands on the black market for between 50 and 200 euros. “The pandemic has allowed attackers to suck up a lot of data,” comments Doctolib.

Towards 100% cloud

So action is needed to reassure. In an attempt to bring “as much security as possible and confidence in the software”, Doctolib has always opted for a “move to cloud” strategy, the company stresses. Today, the French scale-up is 99.9% on the cloud, and there must be servers “only for the security cameras of the premises”, the head of security quips. This cloud strategy was also adopted so that hosting capacity on the platform could be adapted very quickly. On the day the President of the Republic announced the introduction of a health pass, the Doctolib site received 3 million visits at the same time… The responsiveness would not have been the same if the scale-up had run its own servers.

List of subcontractors in charge of hosting for Doctolib (Source

The French company thus bet from the start on Amazon Web Services (AWS) for its activities in Paris and Frankfurt. “They have security products of very, very good quality,” says the head of security. However, Doctolib did not want to put all its eggs in one basket and so decided to collaborate with Atos as well. “When we talk about encryption, there are always keys and a management strategy for these keys,” notes Jean-Baptiste Voron, cybersecurity CTO at Atos.

In this pyramid of keys, the French multinational has been entrusted with the top: the master key. “This is kept in a cryptographic box, qualified by ANSSI. To perform an operation, you have to bring together five of the seven people with a sample,” he says. In other words, the same precautionary principle “as for the launch of a nuclear missile”.

End-to-end encryption not complete

However, this “informative” meeting took place a few days after the publication of an unprecedented investigation by the Radio France investigation unit into the protection of health data at Doctolib. It indicates that a limited number of employees, particularly in the IT teams, can access patients’ past and future appointments on the platform, and this “when the practitioner gives his consent to the sharing of his calendar.” This practice, while legal, somewhat contradicts the claim of a completely “end-to-end” encryption policy for personal data on the site. The French scale-up insists: to encrypt even more, it would have to give up key functionalities… to the detriment, therefore, of the user experience that has made it successful.
