The European Commission has presented an EU action plan to strengthen the cybersecurity of hospitals and healthcare providers. This work is a key priority within the first 100 days of the new mandate, with the aim of creating a safer and more secure environment for patients.
In 2023 alone, EU countries reported 309 serious cybersecurity incidents targeting the healthcare sector, more than any other critical sector. As healthcare providers increasingly utilize digital health records, the risk of data-related threats continues to increase. Many systems can be affected, including electronic medical records, hospital workflow systems, and medical equipment. Such threats can threaten patient care and even put lives at risk.
To address these challenges, the EU is working to strengthen the health sector and make it more resilient to cyber threats. The new action plan builds on existing legislation, such as the EU-wide law on cybersecurity, and expands its scope to include common practices. It focuses on preventing, detecting, mitigating, and deterring cyber threats. The plan also aims to establish a pan-European cybersecurity support center to provide better guidance to hospitals and healthcare providers. It will be further refined through a collaborative approach by the end of the year and rolled out in stages over the next two years.
Digitalization in the healthcare sector enables better service to patients through innovation and many other benefits. The EU remains committed to fostering a healthcare environment where technology empowers patients, enhances care and supports healthcare workers.
For more information
Cybersecurity for hospitals and healthcare providers
A new plan for Europe's sustainable prosperity and competitiveness
cyber security
Press release: Commission releases action plan to protect health sector from cyber-attacks
European action plan on cybersecurity for hospitals and healthcare providers
European Union Cyber Security Agency (ENISA)
