Commission unveils action plan to protect the health sector from cyberattacks

Today, the Commission has presented an EU action plan aimed at bolstering the cybersecurity of hospitals and healthcare providers. This Action Plan was announced in President von der Leyen's political guidelines as a key priority within the first 100 days of the new mandate.

AdobeStock © meeboonstudio

The initiative is an important step in shielding the healthcare sector from cyber threats. By enhancing threat detection, preparedness and response capabilities of hospitals and health providers, it will create a safer and more secure environment for patients and health professionals.

Digitalisation is bringing a revolution to healthcare, enabling better services to the patients through innovations such as electronic health records, telemedicine, and AI-driven diagnostics. However, cyberattacks can delay medical procedures, create gridlocks in emergency rooms, and disrupt vital services which, in severe cases, could have a direct impact on the lives of Europeans. Member States reported 309 significant cybersecurity incidents affecting the healthcare sector in 2023 - more than in any other critical sector.

The action plan proposes, among others, for ENISA, the EU agency for cybersecurity, to establish a pan-European Cybersecurity Support Centre for hospitals and healthcare providers, providing them with tailored guidance, tools, services, and training. The initiative builds on the broader EU framework to strengthen cybersecurity across critical infrastructure and marks the first sector-specific initiative to deploy the full range of EU cybersecurity measures.

Read the full press release

Read further information:

• Action Plan on the cybersecurity of hospitals and healthcare providers
• Questions and answers
• Factsheet

Related topics