Today, the Commission introduced an EU action plan to enhance the cybersecurity of hospitals and healthcare providers. This initiative was highlighted in President von der Leyen's guidelines as a priority for the new mandate. It aims to shield the healthcare sector from cyber threats by improving threat detection, preparedness, and response capabilities, thereby ensuring a safer environment for patients and healthcare professionals.
Digitalization is transforming healthcare with innovations like electronic health records and AI diagnostics. However, cyberattacks can disrupt services and delay procedures, impacting European lives. In 2023, 309 significant cybersecurity incidents affected the healthcare sector, more than any other critical sector.
The action plan suggests establishing a pan-European Cybersecurity Support Centre, led by ENISA, to offer tailored guidance, tools, and training to hospitals and healthcare providers. It is the first sector-specific initiative deploying comprehensive EU cybersecurity measures.
The plan focuses on four priorities:
- Enhanced Prevention: Building the healthcare sector's capacity to prevent incidents through preparedness measures and introducing Cybersecurity Vouchers for financial support to small healthcare providers.
- Better Detection: Developing an EU-wide early warning service for potential cyber threats.
- Response to Attacks: Proposing a rapid response service under the EU Cybersecurity Reserve, including exercises and playbooks for handling specific threats.
- Deterrence: Using the Cyber Diplomacy Toolbox to deter attacks on European healthcare systems.
The plan will be implemented in cooperation with healthcare providers and stakeholders. A public consultation will refine actions to benefit patients and providers.
Next Steps
The plan initiates a process to improve healthcare cybersecurity. Actions will be rolled out in 2025 and 2026, with consultation results informing further recommendations by year-end.
Background
The EU promotes cyber resilience to protect citizens and businesses in a digital Europe. This plan responds to sector-specific threats and builds on the NIS2 Directive and the Cyber Resilience Act. Hospitals are critical under the NIS2 Directive, and the Cyber Solidarity Act enhances the EU response to threats.
A resilient digital infrastructure is crucial for the European Health Data Space, empowering citizens with data control.
For More Information
Action plan on the cybersecurity of hospitals and healthcare providers