The European Union has launched a new action plan aimed at boosting cybersecurity for hospitals and the healthcare sector in response to escalating cyberattacks. These attacks have become increasingly frequent since the onset of the COVID-19 pandemic, with major incidents affecting countries like Ireland, France, the UK, and Finland. In 2023 alone, national governments reported 309 significant cybersecurity breaches in healthcare, surpassing other critical sectors. The European Commission is prioritizing the protection of healthcare facilities by implementing strategies to help them prepare for and combat these threats.
Henna Virkkunen, the European Commission’s tech and security czar, emphasized the urgency of supporting the healthcare sector, given the ongoing massive cyberattacks. The Commission’s action plan includes the creation of a European Cybersecurity Support Center within the EU’s cybersecurity agency, ENISA. This center will provide hospitals with essential tools and services such as early warning systems, vulnerability assessments, and guidance on incident response. ENISA will receive additional funding, though the exact amount has not yet been determined.
The Commission will establish a rapid response service for the healthcare sector
As part of the plan, the Commission will establish a rapid response service for the healthcare sector, leveraging the EU Cybersecurity Reserve, a mechanism created under the Cyber Solidarity Act. This service aims to provide immediate assistance during cyber emergencies. Another key initiative within the plan is the introduction of “cybersecurity vouchers” to help small hospitals and healthcare providers strengthen their cyber resilience. These vouchers will offer financial support for cybersecurity measures, though the specific amount of funding has yet to be finalized.
Additionally, the plan proposes a policy for healthcare organizations to disclose when they have paid or intend to pay ransoms in ransomware attacks. This initiative aims to increase transparency and help the Commission develop strategies to combat such crimes. The Commission also plans to make decryption tools more widely available, enabling organizations to recover data without having to pay ransoms. The EU will consult member states and healthcare entities on the details of the plan, which is expected to be fully implemented later this year.
