The European Commission has rolled out a comprehensive plan to fortify the cybersecurity of hospitals and healthcare providers across the EU. Recognizing the increasing frequency of cyberattacks on healthcare systems, this EU Action Plan aims to safeguard patient care, improve response capabilities, and establish trust in digital healthcare solutions.
The healthcare sector has witnessed a rise in cyberattacks in recent years. In 2023 alone, EU Member States reported 309 significant cybersecurity incidents targeting healthcare providers—more than any other critical industry. These disruptions, which can delay medical procedures and endanger lives, highlight the pressing need for resilient cybersecurity strategies.
Key Highlights of the EU Action Plan
The EU Action Plan is designed to tackle cybersecurity challenges in the healthcare sector through a four-pronged approach: prevention, detection, response, and deterrence.
Enhanced Prevention
The plan emphasizes strengthening the healthcare sector’s preparedness to prevent cybersecurity incidents. This includes:
- Guidance on Critical Cybersecurity Practices: Hospitals and healthcare providers will receive tailored guidelines to implement best practices for cybersecurity.
- Cybersecurity Vouchers: Financial assistance in the form of vouchers will be made available to micro, small, and medium-sized healthcare providers to enhance their cybersecurity capabilities.
- Learning Resources: New educational tools and training programs will be developed to equip healthcare professionals with the knowledge needed to navigate cybersecurity challenges.
Improved Threat Detection
The EU Action Plan proposes the establishment of a Cybersecurity Support Centre for Hospitals and Healthcare Providers under the guidance of ENISA, the EU Agency for Cybersecurity. By 2026, the Centre will provide an EU-wide early warning system, offering near-real-time alerts about potential cyber threats.
Effective Response to Cyberattacks
To minimize the impact of cyber incidents, the Action Plan includes the following measures:
- A rapid response service under the EU Cybersecurity Reserve, leveraging private incident response providers to support healthcare organisations.
- Development of response playbooks to guide healthcare organisations in handling specific threats, such as ransomware.
- National cybersecurity exercises to strengthen incident response capabilities across Member States.
- Encouragement for Member States to mandate the reporting of ransom payments, enabling authorities to provide support and conduct follow-ups with law enforcement.
Deterrence
To discourage cyberattacks on European healthcare systems, the plan includes the use of the Cyber Diplomacy Toolbox—a coordinated EU diplomatic response to malicious cyber activities. This framework aims to hold cyber threat actors accountable and protect critical healthcare infrastructure.
Collaborative Implementation and Next Steps
The success of EU Action Plan will depend on collaboration among healthcare providers, Member States, and the cybersecurity community. To ensure the plan is effective and addresses the needs of all stakeholders, the Commission will soon launch a public consultation open to citizens and industry experts. The feedback gathered will help refine the proposed measures, with specific actions scheduled for rollout in 2025 and 2026.
Building on a Strong Legislative Framework
The EU Action Plan builds on existing EU legislation to strengthen cyber resilience. Healthcare providers are identified as a sector of high criticality under the NIS2 Directive, which works in tandem with the Cyber Resilience Act—a landmark EU regulation that mandates cybersecurity requirements for digital products. Additionally, the recently established Cyber Emergency Mechanism under the Cyber Solidarity Act will play a crucial role in detecting, preparing for, and responding to cybersecurity threats.
The initiative also supports the broader goal of creating a European Health Data Space, a framework designed to empower citizens with control over their health data while ensuring the security of sensitive information.
Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security, and Democracy, emphasized the importance of resilience in healthcare systems:
“Modern healthcare has made incredible advances through digital transformation, which has meant citizens have benefited from better healthcare. Unfortunately, health systems are also subject to cybersecurity incidents and threats. That is why we are launching an Action Plan to ensure that healthcare systems, institutions, and connected medical devices are resilient. Prevention is better than cure, so we need to prevent cyber-attacks from happening. But if they happen, we need to have everything in place to detect them and to quickly respond and recover.”
Olivér Várhelyi, Commissioner for Health and Animal Welfare, highlighted the role of trust in digital healthcare:
“Digital technologies and health data-driven solutions have opened unparalleled opportunities in healthcare. They enable precision medicine, real-time patient monitoring, and seamless communication between healthcare providers across borders. But digitalisation is only as strong as the trust it inspires and resilient from cyberattacks. Patients must feel confident that their most sensitive information is secure. Healthcare professionals must have faith in the systems they use daily to save lives. Today’s Action Plan is an important step towards securing that trust and safeguarding a more resilient health ecosystem for the future.”
A Step Towards a Secure Digital Healthcare Future
The EU Action Plan reflects the Commission’s commitment to fostering a secure and resilient healthcare sector. By addressing cybersecurity challenges through prevention, detection, response, and deterrence, the plan lays the groundwork for a safer healthcare environment where technology empowers patients, enhances care, and supports professionals.
As the healthcare sector continues to embrace digitalisation, the EU remains steadfast in its mission to protect its citizens and critical infrastructure from emerging cyber threats.
