Plans include guidance, specialist defence and financial assistance.
The European Commission is taking steps to better secure hospitals and healthcare providers.
The Commission has presented an Action Plan that aims to create a safer and more secure environment for patients and health professionals. The plan proposes to establish a pan-European Cybersecurity Support Centre for hospitals and healthcare providers, providing them with tailored guidance, tools, services, and training.
The initiative builds on the broader EU framework to strengthen cybersecurity across critical infrastructure and marks the first sector-specific initiative to deploy the full range of EU cybersecurity measures.
Enhancing Prevention
There are several key priorities, including enhancing prevention through measures such as guidance on implementing critical cybersecurity practices. Member States may also introduce ‘cybersecurity vouchers’ to provide financial assistance to micro, small, and medium-sized hospitals and healthcare providers. Finally, the EU will develop cybersecurity learning resources for healthcare professionals.
An EU-wide early warning service, delivering near-real-time alerts on potential cyber threats, is also due to be introduced by 2026.
Also set to be introduced is a rapid response service for the health sector under the EU Cybersecurity Reserve, which allows for national cybersecurity exercises along with the development of playbooks to guide healthcare organisations in responding to specific cybersecurity threats.
Prevention
Henna Virkkunen, executive vice-president for Tech Sovereignty, Security and Democracy at the EC, said: “Unfortunately, health systems are also subject to cybersecurity incidents and threats. That is why we are launching an Action Plan to ensure that healthcare systems, institutions and connected medical devices are resilient.
“Prevention is better than cure, so we need to prevent cyber-attacks from happening. But if they happen, we need to have everything in place to detect them and to quickly respond and recover.”
Andy Garth, director of Government Affairs at ESET, said of particular interest was the establishment of the European Cybersecurity Support Centre for Hospitals and Healthcare Providers under ENISA, along with the EU-wide early warning service aimed at providing near-real-time alerts for rapid threat detection and a rapid incident response capability.
“The allocation of dedicated funds to enhance cybersecurity measures, including training and tools, will be appreciated,” he said.
“It is also positive to see active efforts to further enhance collaboration with Europol, particularly through the NoMoreRansom Project, which ESET is part of. The plan also introduces measures, such as a Cybersecurity Voucher Programme for smaller providers, secure cloud migration support, and enhanced supply chain security under the Cyber Resilience Act. Any initiative that helps this crucial sector fortify itself against such contemptible attacks is welcome.”
Written by
Dan Raywood
Senior Editor
SC Media UK