Mirage News
Mirage News
World
 Date Time

EU Acts to Shield Health Sector from Cyberattacks

European Commission

Today, the Commission has presented an EU action plan aimed at bolstering the cybersecurity of hospitals and healthcare providers. This Action Plan was announced in President von der Leyen's political guidelines as a key priority within the first 100 days of the new mandate. The initiative is an important step in shielding the healthcare sector from cyber threats. By enhancing threat detection, preparedness and response capabilities of hospitals and health providers, it will create a safer and more secure environment for patients and health professionals.

Digitalisation is bringing a revolution to healthcare, enabling better services to the patients through innovations such as electronic health records, telemedicine, and AI-driven diagnostics. However, cyberattacks can delay medical procedures, create gridlocks in emergency rooms, and disrupt vital services which, in severe cases, could have a direct impact on the lives of Europeans. Member States reported 309 significant cybersecurity incidents affecting the healthcare sector in 2023 – more than in any other critical sector.

The action plan proposes, among others, for ENISA, the EU agency for cybersecurity, to establish a pan-European Cybersecurity Support Centre for hospitals and healthcare providers, providing them with tailored guidance, tools, services, and training. The initiative builds on the broader EU framework to strengthen cybersecurity across critical infrastructure and marks the first sector-specific initiative to deploy the full range of EU cybersecurity measures.

In a nutshell, the action plan focuses on four priorities:

  • Enhanced Prevention. The plan helps to build the healthcare sector's capacities to prevent cybersecurity incidents through enhanced preparedness measures such as guidance on implementing critical cybersecurity practices. Secondly, the Member States may also introduce Cybersecurity Vouchers to provide financial assistance to micro, small, and medium-sized hospitals and healthcare providers. Finally, EU will also develop cybersecurity learning resources for healthcare professionals.
  • Better detection and identification of threats. The Cybersecurity Support Centre for hospitals and healthcare providers will develop an EU-wide early warning service, delivering near-real-time alerts on potential cyber threats, by 2026.
  • Response to Cyberattacks to minimise impact. The plan proposes a rapid response service for the health sector under the EU Cybersecurity Reserve. Established in the Cyber Solidarity Act, the Reserve provides incident response services from trusted private service providers. As part of the plan, national cybersecurity exercises can take place along with the development of playbooks to guide healthcare organisations to respond to specific cybersecurity threats, including ransomware. Member States are encouraged to request reporting of ransom payments from entities, to be able to provide them the support they need and allow follow-up by law enforcement authorities.
  • Deterrence: Protecting European healthcare systems by deterring cyber threat actors from attacking them. This includes the use of the Cyber Diplomacy Toolbox, a joint EU diplomatic response to malicious cyber activities.

The Action Plan will be implemented hand in hand with healthcare providers, Member States, and the cybersecurity community. To further refine the most impactful actions so that patients and healthcare providers can benefit from them, the Commission will soon launch a public consultation on this plan, open to all citizens and stakeholders.

Next Steps

The action plan is the start of a process to improve cybersecurity in the healthcare sector. Specific actions will be rolled out progressively in 2025 and 2026. The results of the consultation will feed into further recommendations by the end of the year.

Background

The EU works on various fronts to promote cyber resilience and protect its citizens and businesses from cyber threats in an increasingly digital and connected Europe. This action plan responds to the urgency of the situation and the unique threats facing the sector. It builds on the existing legislative framework in the field of cybersecurity. Hospitals and other healthcare providers are established as a sector of high criticality under the NIS2 Directive. The NIS2 cybersecurity framework works hand in hand with the Cyber Resilience Act , the first-ever EU legislation placing mandatory cybersecurity requirements for products that include digital elements, which entered into force on 10 December 2024. The Commission has also put in place a Cyber Emergency Mechanism under the Cyber Solidarity Act which reinforces the EU's solidarity and coordinated actions to detect, prepare and effectively respond to growing cybersecurity threats and incidents.

Ensuring a resilient and secure digital infrastructure is essential for the full deployment of the European Health Data Space which will place citizens at the centre of their healthcare, granting them full control over their data.

/Public Release. This material from the originating organization/author(s) might be of the point-in-time nature, and edited for clarity, style and length. Mirage.News does not take institutional positions or sides, and all views, positions, and conclusions expressed herein are solely those of the author(s).View in full here.
Tags: , , , , , , , , , , , , , , , ,

You might also like

Exploring Shamanic Rituals: Shamans in Diverse Cultures
The Influence of Forest Bathing on Health and Well-being
Unravelling the Power of Placebos: Believing is Healing
The Science of Spiciness: Why Some Like It Hot
Sydney Dad Slaps Himself to Historic $100M Powerball
Unravelling the Incredible Engineering of Ant Nests