The Healthcare Attack Surface Expands
Healthcare has become the preferred target for organized cybercriminal operations worldwide, and Africa is no exception. The continent’s healthcare sector absorbed an average of 3,575 cyberattacks per week in 2025, a 38 percent surge over the previous year. Ransomware accounts for more than one-third of all reported healthcare attacks, and the damage extends far beyond data loss: disrupted blood test processing, delayed surgeries, and compromised patient records with life-or-death consequences.
The threat landscape shifted further in early April 2026 when Microsoft published its analysis of Storm-1175, a financially motivated cybercriminal group operating as an affiliate of the Medusa ransomware-as-a-service platform. Storm-1175 targets healthcare organizations through vulnerable web-facing systems, often moving from initial access to full ransomware deployment within 24 hours. The group has exploited more than 16 vulnerabilities since 2023, including zero-day exploits deployed a full week before public disclosure.
For Algeria, where hospital digitization is accelerating and electronic health record systems are being deployed across major facilities in Algiers and Oran, the global threat context demands a structured defensive response. That response is now taking shape through ASSI and the regulatory framework established by Presidential Decree 26-07.
Decree 26-07: Mandatory Cybersecurity Units
Presidential Decree No. 26-07, signed on January 7, 2026 and published in the Official Gazette on January 21, establishes a requirement with no ambiguity: every public institution and administration must create a dedicated cybersecurity unit separate from the department responsible for technical IT management. This unit reports directly to the head of the institution, not to the IT director, ensuring that cybersecurity decisions carry organizational authority.
For hospitals, this architecture is particularly significant. Healthcare IT teams are typically consumed by day-to-day operations: maintaining electronic health records, supporting medical imaging systems, managing laboratory information networks. Separating the cybersecurity function ensures that defensive posture is not subordinated to operational convenience. The dedicated unit must design threat maps specific to the institution, deploy remediation plans, and coordinate directly with ASSI on incident response.
The decree addresses a structural weakness that has made healthcare organizations vulnerable globally. When cybersecurity is embedded within IT operations, security audits compete for attention with system uptime, and patch management gets deferred because clinicians cannot tolerate downtime. A separate reporting line changes the organizational dynamics.
ASSI’s Coordination Role
ASSI, the Information Systems Security Agency operating under the Ministry of National Defense, serves as the national coordination hub for cybersecurity across all sectors. Under the National Cybersecurity Strategy 2025-2029, adopted through Presidential Decree No. 25-321 on December 30, 2025, ASSI’s mandate includes security audits for critical infrastructure, sector-specific cybersecurity regulations for banking, healthcare, and energy, and capacity building aligned with 285,000 new vocational training places.
For the healthcare sector specifically, ASSI’s coordination role addresses the fragmentation problem. Individual hospitals lack the intelligence resources to track threat actors like Storm-1175 or monitor emerging vulnerabilities in medical device firmware. ASSI aggregates threat intelligence across sectors, identifies patterns, and can push actionable alerts to hospital cybersecurity units before attacks materialize.
ASSI has also been working with the High Commission for Digitization on foundational infrastructure projects including the National Data Center, National Cloud, and sovereign network infrastructure. These platforms, when deployed, will provide healthcare institutions with secure, locally hosted alternatives to fragmented on-premises systems that are difficult to defend at scale.
Supply Chain: Where 80 Percent of Breaches Originate
The supply chain dimension is what makes healthcare cybersecurity particularly challenging. Over 80 percent of stolen patient records in recent years have been taken not from hospital systems directly but from third-party vendors, business associates, and external service providers. Medical device manufacturers, pharmaceutical logistics companies, laboratory information system vendors, and cloud service providers all represent potential entry points.
In March 2026, the cyberattack on Stryker, a major medical technology company supplying surgical instruments and implants globally, illustrated the point. A single compromise of a critical supplier cascaded disruption across healthcare facilities worldwide. For Algerian hospitals sourcing medical technology and pharmaceutical supplies from international vendors, this class of attack represents a risk that cannot be managed by perimeter security alone.
Decree 26-07’s requirement for threat mapping becomes especially relevant here. Hospital cybersecurity units must inventory not just their own systems but the connections and data flows with external vendors. Which laboratory equipment phones home to manufacturer servers? Which medical imaging systems receive firmware updates over the internet? Which pharmaceutical supply chain platforms exchange data with hospital procurement systems? Mapping these relationships is the first step toward defending them.
The IoMT Challenge
Smart hospitals are projected to deploy over seven million Internet of Medical Things (IoMT) devices by 2026 worldwide, more than double the number in 2021. Each connected device, from infusion pumps to patient monitors to automated pharmacy dispensers, represents a potential cyber entry point. Many of these devices were not designed with strong security in mind, running legacy operating systems that cannot be patched without manufacturer involvement.
Algeria’s healthcare modernization push, while essential for improving patient care, inevitably expands this attack surface. As hospitals in Algiers, Oran, Constantine, and other major cities deploy connected medical devices, the cybersecurity units mandated by Decree 26-07 will need to maintain device inventories, monitor network traffic from IoMT endpoints, and enforce segmentation policies that prevent a compromised infusion pump from becoming a pathway to the entire hospital network.
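The vendor-connection mapping and IoMT segmentation checks described in the two sections above can be sketched as a review of network flow records against a device inventory. This is an added example, not part of the original article: all addresses, device names and allow-list entries are constructed, and flow records are assumed to arrive as (source, destination, port) tuples from a NetFlow or firewall export.

```python
import ipaddress

HOSPITAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range
# Constructed inventory: device IP -> name, home segment, documented vendor endpoints.
INVENTORY = {
    "10.20.1.15": {"name": "infusion-pump-07", "segment": "10.20.1.0/24",
                   "vendor_dests": {"203.0.113.10"}},
    "10.20.2.40": {"name": "lab-analyzer-02", "segment": "10.20.2.0/24",
                   "vendor_dests": {"198.51.100.25"}},
}
# Constructed allow-list of cross-segment internal flows (device, server, port).
ALLOWED_INTERNAL = {("10.20.1.15", "10.10.0.5", 443), ("10.20.2.40", "10.10.0.8", 2575)}
# Constructed sample flow records.
FLOWS = [
    ("10.20.1.15", "10.10.0.5", 443),      # pump -> medication server
    ("10.20.1.15", "203.0.113.10", 443),   # pump -> documented vendor endpoint
    ("10.20.1.15", "10.30.4.12", 445),     # pump -> unrelated internal host
    ("10.20.2.40", "198.51.100.25", 443),  # analyzer -> documented vendor endpoint
    ("10.20.2.40", "192.0.2.77", 8443),    # analyzer -> undocumented external host
    ("10.20.1.99", "10.20.1.15", 80),      # source missing from the inventory
]

def classify(src, dst, port):
    """Label one flow against the inventory and segmentation policy."""
    dev = INVENTORY.get(src)
    if dev is None:
        return "unknown-device"
    addr = ipaddress.ip_address(dst)
    if addr in ipaddress.ip_network(dev["segment"]):
        return "intra-segment"
    if addr in HOSPITAL_NET:
        ok = (src, dst, port) in ALLOWED_INTERNAL
        return "allowed-internal" if ok else "segmentation-violation"
    return "mapped-vendor" if dst in dev["vendor_dests"] else "unmapped-external"

def review(flows):
    """Return only the flows the cybersecurity unit needs to investigate."""
    bad = {"unknown-device", "segmentation-violation", "unmapped-external"}
    return [(s, d, p, v) for s, d, p in flows if (v := classify(s, d, p)) in bad]

def vendor_map(flows):
    """Build the observed device -> external destination map (who phones home)."""
    seen = {}
    for src, dst, _port in flows:
        dev = INVENTORY.get(src)
        if dev and ipaddress.ip_address(dst) not in HOSPITAL_NET:
            seen.setdefault(dev["name"], set()).add(dst)
    return {name: sorted(dsts) for name, dsts in seen.items()}

if __name__ == "__main__":
    for finding in review(FLOWS):
        print(finding)
    print(vendor_map(FLOWS))
```

Comparing `vendor_map` output with the documented `vendor_dests` shows which external relationships are missing from the threat map, while `review` surfaces the flows that cross segment boundaries without an allow-list entry.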
Building Healthcare Cyber Capacity
The National Cybersecurity Strategy’s alignment with 285,000 new vocational training places signals recognition that technology and regulation alone are insufficient. Healthcare cybersecurity requires trained personnel who understand both the threat landscape and the clinical environment. A security analyst who forces a mandatory password reset during an emergency surgery is not improving security. They are endangering patients.
Algeria’s approach through the strategy involves sector-specific training that accounts for healthcare’s unique operational constraints: 24/7 uptime requirements, life-critical systems that cannot be taken offline for patching during business hours, and clinicians who need rapid access to records without friction.
For Algerian cybersecurity professionals, healthcare represents an emerging specialization. The combination of mandatory cybersecurity units under Decree 26-07, ASSI coordination requirements, and the expanding digital footprint of hospitals creates demand for security engineers, incident responders, and compliance specialists with healthcare domain expertise.
A Proactive Posture
Algeria’s regulatory approach to healthcare cybersecurity (mandatory dedicated units, direct leadership reporting, ASSI coordination, and a sector-specific strategy) establishes a framework that positions the country’s health sector for defense rather than reaction. The framework is new, and implementation across hundreds of public healthcare institutions will take time and resources. But the structural decisions are sound: separating cybersecurity from IT operations, requiring threat mapping, and mandating coordination with national intelligence capabilities.
With healthcare cyberattacks surging across Africa and threat actors like Storm-1175 demonstrating the ability to compromise organizations within 24 hours of initial access, the window for building defenses is finite. Algeria’s hospitals are digitizing. The question is whether cybersecurity scales at the same pace. Decree 26-07 and ASSI’s expanded mandate are designed to ensure that it does.
Frequently Asked Questions
What does Presidential Decree 26-07 require Algerian hospitals to do?
Decree 26-07, signed January 7, 2026, mandates that every public institution create a dedicated cybersecurity unit separate from its IT operations department. This unit must report directly to the head of the institution (not the IT director), design institution-specific threat maps, deploy remediation plans, and coordinate directly with ASSI on incident response. The separation ensures cybersecurity decisions carry organizational authority and are not subordinated to day-to-day IT operational pressures.
Why are healthcare supply chains the primary cybersecurity vulnerability?
Over 80 percent of stolen patient records originate not from hospital systems directly but from third-party vendors including medical device manufacturers, pharmaceutical logistics companies, laboratory information system vendors, and cloud service providers. The March 2026 Stryker cyberattack demonstrated how a single supplier compromise cascades across healthcare facilities globally. For Algerian hospitals sourcing medical technology internationally, this third-party risk cannot be managed through perimeter security alone and requires comprehensive vendor relationship mapping.
What role does ASSI play in healthcare cybersecurity?
ASSI (Information Systems Security Agency), operating under the Ministry of National Defense, serves as the national cybersecurity coordination hub. It aggregates threat intelligence across sectors, identifies attack patterns, and pushes actionable alerts to hospital cybersecurity units. Under the National Cybersecurity Strategy 2025-2029, ASSI’s mandate includes security audits for critical infrastructure, sector-specific regulations, and capacity building. Individual hospitals lack the resources to track sophisticated threat actors independently, making ASSI coordination essential for effective defense.
Sources & Further Reading
- Algeria Strengthens Cybersecurity Framework to Protect National Infrastructure — TechAfrica News
- Content of the 2025-2029 National Information Systems Security Strategy Unveiled — Africa News
- Healthcare under attack: why cybersecurity is now critical care — Intelligent CIO Africa
- Storm-1175 focuses on vulnerable web-facing assets in high-tempo Medusa ransomware operations — Microsoft Security Blog
- Medical technology company Stryker disrupted globally by cyberattack — American Hospital Association
- Algeria Orders Cybersecurity Units in Public Sector Amid Surge in Cyberattacks — Ecofin Agency





