EU reveals plan to shield health sector from cyberattacks

15 Jan 2025

Image: © artjazz/Stock.adobe.com

EU member states reported 309 significant cybersecurity incidents affecting the healthcare sector in 2023, which was ‘more than in any other critical sector’.

The European Commission has today (15 January) presented an action plan aimed at strengthening the cybersecurity of hospitals and healthcare providers.

This plan was announced by the Commission’s president, Ursula von der Leyen, as part of her political guidelines and has been highlighted as a key priority within the first 100 days of the new mandate. The initiative builds on the broader EU framework aimed at strengthening cybersecurity across different forms of critical infrastructure.

The Commission said that it hopes that by “enhancing threat detection, preparedness and response capabilities of hospitals and health providers”, it will help to foster a safer environment for patients and health professionals in the EU. It also said that its member states reported 309 significant cybersecurity incidents affecting the healthcare sector in 2023 – “more than in any other critical sector”.

Specifically, the plan has four main priorities: to implement enhanced prevention; to provide better detection and identification of threats; to provide a rapid response to cyberattacks to minimise impact; and to protecting European healthcare systems by deterring cyberthreat actors from attacking them.

It also proposes for ENISA, the EU agency for cybersecurity, to establish a pan-European Cybersecurity Support Centre for hospitals and healthcare providers, in order to assist them with tailored guidance, tools, services and training.

The Commission announced that it will soon launch a public consultation on the plan.

Specific actions regarding the Commission’s plan will be rolled out progressively in 2025 and 2026. The results of this consultation will be used to inform further recommendations by the end of the year.

Commenting on the initiative, Henna Virkkunen, the Commission’s executive VP for tech sovereignty, security and democracy, noted that while modern healthcare has made impressive strides, it has also faced challenges in the form of cybersecurity incidents and threats plaguing the healthcare sector.

“That is why we are launching an action plan to ensure that healthcare systems, institutions and connected medical devices are resilient,” Virkkunen said.

“Prevention is better than cure, so we need to prevent cyberattacks from happening, but if they happen, we need to have everything in place to detect them and to quickly respond and recover.”

Last week, an EU consortium outlined plans to arm thousands of healthcare workers with digital skills. The Sustainable Healthcare with Digital Health Data Competence initiative (Susa) aims to prepare more than 7,000 professionals to navigate the rapidly evolving digital landscape in healthcare by 2028.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Ciarán Mather is a senior journalist with Silicon Republic

editorial@siliconrepublic.com