Aller au contenu
FRENFR-CAEN-CA
Contact
Case study · Health 30 to 50 practitioners

Multi-practitioner medical practice — HDS hosting and managed SOC

Anonymised case — a 35-practitioner medical practice in Île-de-France migrated its patient records and teleimaging to our HDS-certified cloud, with 24/7 cybersecurity monitoring. GDPR-compliant, Law 25 ready, 99.98% measured availability.

99.98%
Application availability measured over 12 months
100%
Data hosted in France (HDS)
8 months
Full migration without patient disruption
« We wanted our patient data to stay in France and a human to look at our alerts at night. That's exactly what we got, without having to understand half the acronyms along the way. »
— Partner physician, managing partner, Multi-practitioner medical practice, Île-de-France, France

Context

A multi-practitioner medical practice in Île-de-France, 35 partner physicians, 60 administrative staff, running an online patient record system, teleimaging and an integrated appointment system. The whole stack was self-hosted on two aging servers in a basement, with no disaster recovery plan, no cybersecurity monitoring and no HDS certification — despite French law requiring it.

Triggers — a CNIL inspection at a nearby practice, the arrival of teleimaging (volumes 10× higher than classical records), and the inability to underwrite professional cyber insurance without a minimum protection baseline.

Scope delivered

  • Migration of patient records, teleimaging and backups to our HDS-certified datacenter (Île-de-France and Occitanie).
  • Hexceos Sentinel deployed across 60 administrative workstations and 35 medical laptops.
  • 24/7 SOC activated with a special “health data” procedure (CNIL notification within 4 hours of confirmed leak).
  • Outsourced Hexceos DPO for the processing register and patient request management.

Results

  • 99.98% application availability measured over 12 months — less than 2 hours of cumulative downtime per year, compliant with the HDS contract.
  • 100% of patient data hosted in France, certified by HDS audit.
  • Full migration in 8 months without any patient-perceived downtime (overnight modular cutover).
  • GDPR-compliant and Law 25-ready (relevant for Quebec patients in cross-border telehealth).

What changed

The practice was able to underwrite the cyber insurance requested by its board and onboard new hospital clients who mandated HDS. Physicians now have mobile access to the patient record without manual VPN configuration.

Anonymised at the customer’s request. Figures presented reflect real measurements on a single customer between 2025 and 2026.

Your situation

Let's discuss
your case.

A Hexceos engagement always starts with a no-commitment conversation.

Request a call Cybersecurity audit