The European Commission has launched a consultation on the January action plan designed to strengthen cybersecurity measures for hospitals and healthcare providers. The process calls for input from health professionals, cybersecurity experts, policymakers and the public to develop robust strategies and effective solutions that protect sensitive medical data and ensure the uninterrupted operation of health services.
Interested stakeholders should submit feedback and suggestions by June 30th, as this collaboration is essential to strengthening the overall cybersecurity framework within the health sector.
“For the purposes of this investigation, the term ‘health provider’ is used to refer to entities that legally provide health care on the territory of the Member State,” according to the consultation document. “This can include hospitals and other healthcare providers (GP offices). Additionally, the survey provides the opportunity to provide input on other types of entities in the health sector (such as the manufacturer of medical devices).”
It identifies the continued evolution of the cybersecurity threat landscape, reflecting geopolitical tensions, criminal opportunism, and the vulnerabilities and risks associated with the rapid digitization of critical infrastructure and services in the health sector. The actions defined in the Action Plan are intended to raise cybersecurity maturity in the healthcare sector and to enhance the capabilities of the EU cybersecurity ecosystem.
The EU consultation document states that the survey covers a variety of stakeholders, including medical IT professionals, hospital and provider managers, health professionals, health authorities, patients, compliance and data privacy experts, the cybersecurity and healthcare industry, and academia. Some of the survey questions are optional. The multiple choice questions take approximately 15 minutes to complete. Additionally, respondents may add further written input.
The Action Plan envisages that a cybersecurity support centre for hospitals and healthcare providers, established within the EU Agency for Cybersecurity (ENISA), will develop a catalog of services that support preparation, prevention, detection and response. As part of the action plan, Member States should consider targeted measures such as cybersecurity vouchers for micro, small and medium-sized hospitals and healthcare providers. These vouchers provide financial support to implement specific cybersecurity measures. The plan also covers the regulations on medical devices and on in vitro diagnostic medical devices, which set cybersecurity requirements for these devices in the internal market.
The Action Plan envisages the creation of a European Health CISOs network, bringing together the Chief Information Security Officers (CISOs) working in healthcare organizations. As part of the action plan, the support centre will need to implement an EU-wide early warning subscription service for the health sector that provides near-real-time alerts on cyber threats. Organizations do not need to pay a subscription fee to benefit from the service.
The EU Cybersecurity Reserve provides incident response services from trusted private providers to support the response to critical or large-scale cybersecurity incidents and initial recovery efforts. The EU Cybersecurity Reserve must include a rapid response service dedicated exclusively to the health sector. Member States are encouraged to develop national action plans focused on cybersecurity in the health sector.
The ENISA Support Centre can help develop these plans and coordinate efforts to ensure that existing national plans and individual Member States' resources and strategies complement each other. The Commission will launch a Health Cybersecurity Advisory Committee with representatives from the healthcare and cybersecurity sectors. The advisory committee can provide opinions on impactful actions on cybersecurity in the sector and discuss further developments in public-private partnerships.
Last week, the European Union recognized that its strategic autonomy and its influence in space are shaped by evolving geopolitical dynamics, ranging from peaceful cooperation to competition and conflict among global powers. The agency emphasizes how the geopolitical landscape of space activity will affect the EU's current and future capabilities, focusing on exploiting space for security and defense while addressing space-related risks.