The European Commission (EC) has launched a new action plan to enhance the cybersecurity of hospitals and healthcare providers across Europe.
The new action plan aims to protect the healthcare sector from cyber threats by improving threat detection, preparedness, and response capabilities.
It will create a safe and more secure environment for patients and healthcare professionals.
The action plan proposes the establishment of a pan-European Cybersecurity Support Centre for hospitals and healthcare providers by ENISA, the EU agency for cybersecurity.
The cybersecurity centre will provide customised guidance, tools, services, and training.
The initiative is part of the broader EU framework to strengthen cybersecurity across critical infrastructure and marks the first sector-specific deployment of EU cybersecurity measures.
EC tech sovereignty, security, and democracy executive vice-president Henna Virkkunen said: “Modern healthcare has made incredible advances through digital transformation, which has meant citizens have benefited from better healthcare.
“Unfortunately, health systems are also subject to cybersecurity incidents and threats. That is why we are launching an Action Plan to ensure that healthcare systems, institutions and connected medical devices are resilient.
“Prevention is better than cure, so we need to prevent cyber-attacks from happening. But if they happen, we need to have everything in place to detect them and to quickly respond and recover.”
According to the commission, digitalisation is advancing healthcare through advancements in electronic health records, telemedicine, and AI-driven diagnostics.
However, cyberattacks can potentially delay medical procedures and disrupt vital services.
In 2023, EU member states reported 309 significant cybersecurity incidents in the healthcare sector, which is more than any other critical sector.
The commission’s new action plan focuses on four important areas, enhanced prevention, better detection, response to cyberattacks, and deterrence.
Enhanced prevention includes building capacities to prevent incidents through preparedness measures and introducing Cybersecurity Vouchers for financial assistance.
Better detection involves developing an EU-wide early warning service by 2026.
Response to Cyberattacks includes a rapid response service under the EU Cybersecurity Reserve and national cybersecurity exercises.
Deterrence involves protecting healthcare systems through measures like the Cyber Diplomacy Toolbox.
EC intends to implement the new action plan in collaboration with healthcare providers, member states, and the cybersecurity community.
It will launch a public consultation to refine actions, with specific actions rolled out progressively in 2025 and 2026, with results expected by the end of the year.
