EU Unveils Cybersecurity Strategy for Healthcare Sector
Brussels, Thursday, 30 January 2025.
The European Commission has launched an action plan to enhance the cybersecurity of EU hospitals, addressing rising cyber threats through prevention, detection, and response initiatives.
Rising Cyber Threats in Healthcare
The urgency of this initiative is underscored by alarming statistics from 2023, when Member States reported 309 significant cybersecurity incidents affecting the healthcare sector - more than any other critical sector [1][4]. The action plan, officially unveiled on January 15, 2025 [2], comes as part of President von der Leyen’s key priorities announced in her political guidelines [1], addressing the growing vulnerability of healthcare systems in an increasingly digital landscape.
Comprehensive Protection Framework
The action plan extends beyond hospitals to the entire healthcare ecosystem, including clinics, care homes, and the broader healthcare supply chain, and so affects the pharmaceutical, biotechnology, and medical device industries [2]. A significant new requirement under the plan obliges healthcare organizations to report ransomware payments to authorities, marking a departure from existing NIS2 Directive requirements, with implementation planned for Q4 2025 [2].
Creation of Support Infrastructure
At the heart of this initiative is the establishment of a pan-European Cybersecurity Support Centre by ENISA, the EU agency for cybersecurity [1]. The Support Centre will provide tailored guidance, tools, services, and training to healthcare providers [1]. Additionally, the plan includes the development of Procurement Guidelines to assist in managing cybersecurity in cloud-based patient data systems and the formation of a European Health CISOs Network [2].
Implementation Timeline and Future Steps
The action plan will be progressively implemented over the next two years, with key developments such as an EU-wide early warning service expected by 2026 [4]. The European Commission plans to work closely with Member States to refine the proposals, leading to recommendations in the fourth quarter of 2025 [4]. This collaborative approach includes the establishment of a Health Cybersecurity Advisory Board to guide the Support Centre’s implementation [2][5].
Sources
- digital-strategy.ec.europa.eu
- www.insideprivacy.com
- digital-strategy.ec.europa.eu
- www.bankinfosecurity.com
- health-isac.org