The European Union has announced a comprehensive action plan to strengthen cybersecurity in healthcare systems in response to a significant rise in cyberattacks targeting this sector. In 2023, 309 major cyber incidents were recorded in the healthcare industry, more than in any other critical industry.
Prevention and Resilience
- Development of dedicated cybersecurity guidelines for healthcare institutions.
- Funding for small and medium-sized healthcare facilities through financial aid vouchers.
- Implementation of training programs to enhance cybersecurity awareness and skills among medical staff.
Threat Identification and Response
- Establishment of a dedicated Cyber Support Center led by the European Union Agency for Cybersecurity (ENISA) by 2026, offering guidance, tools, and tailored services for healthcare institutions.
- Development of a real-time alert system for identifying cybersecurity threats.
- Formation of rapid response teams under the European cybersecurity framework to assist in managing critical cyber incidents.
- National emergency drills to improve readiness and response to cyber events.
Deterrence and Enforcement
- Utilization of state-level tools against attackers, including sanctions and legal measures.
- Mandatory reporting of ransomware payments to enhance transparency and reduce incentives for attackers.
- Strengthening cooperation with law enforcement agencies to identify and prosecute cybercriminals.
Margrethe Vestager, Vice President of the European Commission, emphasized: “We must prevent cyberattacks, but if they occur, we must be prepared to detect, respond, and recover quickly.”
The healthcare sector has become a primary target for cyber attackers, especially through ransomware attacks. This action plan aims to bolster the sector’s ability to defend itself, ensure resilience, and protect critical healthcare services.