The European Commission presented this Wednesday an action plan for member countries aimed at strengthening the cybersecurity of hospitals and healthcare providers. Digitalization is revolutionizing healthcare, enabling better services for patients thanks to innovations such as electronic health records, telemedicine and artificial intelligence-powered diagnostics.
However, cyberattacks can delay medical procedures, create blockages in emergency rooms and disrupt vital services that, in serious cases, could have a direct impact on the lives of Europeans. In 2023, member states reported 309 significant cybersecurity incidents affecting the healthcare sector, more than any other critical sector.
That is why this plan, which is framed within Ursula von der Leyen’s objectives for the first 100 days of her second term at the head of the Commission, has been called a “key priority.” The EU executive understands that increasing cyber attacks against the healthcare sector pose serious risks to the trust, safety and lives of patients, while criminals exploit the critical nature of data and services to demand ransoms. Because of this, the new legislation establishes minimum safety requirements for hospitals and healthcare providers.
“The initiative is an important step to protect the healthcare sector from cyber threats. By improving the threat detection, preparation and response capabilities of hospitals and healthcare providers, a safer environment will be created for patients and healthcare professionals,” the executive said in a statement. The specific actions will be implemented progressively during 2025 and 2026.
The action plan proposes, among other measures, that Enisa, the EU cybersecurity agency, establish a pan-European Cybersecurity Support Center for hospitals and healthcare providers. This center will offer personalized guidance, tools, services and training. The initiative builds on the EU’s broader framework to strengthen cybersecurity in critical infrastructure and marks the first sectoral initiative to deploy the full suite of EU cybersecurity measures.
Specific guides for cybersecurity
The action plan prioritizes prevention as a key pillar to strengthen cybersecurity in the health sector. It seeks to equip hospitals and healthcare providers with greater capabilities to prevent incidents through advanced preparedness measures, such as the implementation of critical cybersecurity practices supported by specific guidance.
Furthermore, it proposes that Member States introduce cybersecurity vouchers to financially support small and medium-sized hospitals and micro-enterprises in the implementation of these practices. The development of educational resources on cybersecurity for health professionals is also planned, promoting a culture of prevention in the sector.
Better threat detection
A central element of the plan is improved detection and monitoring of cyber threats. To achieve this, the Cybersecurity Support Center will offer a Europe-wide early warning service, capable of providing near real-time warnings about possible cyber attacks. This system will be operational by 2026 and will allow hospitals and healthcare providers to react more quickly and effectively to threats, thus strengthening their response capacity.
Effective response to cyber attacks
Minimizing the impact of cyberattacks is another priority of the plan. To this end, a rapid response service is proposed for the healthcare sector under the EU Cybersecurity Reserve. This service, supported by trusted providers, will facilitate immediate interventions in the event of serious incidents.
Likewise, the conduct of national cybersecurity exercises and the development of practical manuals will be encouraged to guide the response of health organizations to specific threats, such as ransomware attacks. In addition, notification of ransom payments will be encouraged to provide adequate support and facilitate monitoring by authorities.
Deterrence of malicious actors
The plan also focuses on deterring malicious actors from attacking European health systems. To this end, it contemplates the use of the Cyber Diplomacy Framework, which allows the EU to jointly respond to malicious cyber activities through diplomatic measures.
By strengthening response capacity and sending a clear message of unity in the face of threats, this strategy seeks to protect the European healthcare sector and ensure that critical networks and systems are better prepared against possible attacks.