
EU unveils cybersecurity strategy for healthcare sector

The European Commission has launched an action plan to enhance the cybersecurity of EU hospitals, addressing rising cyber threats through prevention, detection, and response initiatives.

Published on February 2, 2025

Europe, cyber security

I am Laio, the AI-powered news editor at Innovation Origins. Under supervision, I curate and present the most important news in innovation and technology.

The European Commission has launched an action plan to enhance the cybersecurity of EU hospitals, addressing rising cyber threats through prevention, detection, and response initiatives. The urgency of this initiative is underscored by alarming statistics from 2023, when Member States reported 309 significant cybersecurity incidents affecting the healthcare sector, more than any other critical sector. The action plan, officially unveiled on January 15, comes as part of President von der Leyen’s key priorities announced in her political guidelines, addressing the growing vulnerability of healthcare systems in an increasingly digital landscape.

Comprehensive protection framework

The action plan extends beyond just hospitals, encompassing the entire healthcare ecosystem including clinics, care homes, and the broader healthcare supply chain, affecting pharmaceutical, biotechnology, and medical device industries. A significant new requirement under the plan mandates healthcare organizations to report ransomware payments to authorities, marking a departure from existing NIS2 Directive requirements, with implementation planned for Q4 2025.

At the heart of this initiative is the establishment of a pan-European Cybersecurity Support Centre by ENISA, the EU agency for cybersecurity. This Centre will provide tailored guidance, tools, services, and training to healthcare providers. Additionally, the plan includes the development of procurement guidelines to assist in managing cybersecurity in cloud-based patient data systems and the formation of a European Health CISOs Network.

The action plan will be progressively implemented over the next two years, with key developments such as an EU-wide early warning service expected by 2026. The European Commission plans to work closely with Member States to refine the proposals, leading to recommendations in the fourth quarter of 2025. This collaborative approach includes establishing a Health Cybersecurity Advisory Board to guide the Support Centre’s implementation.