The European Union Agency for Cybersecurity (ENISA) has welcomed the EU Action Plan for improving the cybersecurity of hospitals and healthcare providers, introduced on January 15. This initiative represents a crucial step toward fortifying the digital infrastructure of the healthcare sector, ensuring resilience against the growing tide of cyber threats.
ENISA reaffirmed its commitment to working closely with the European Commission, EU Member States, healthcare providers, and the broader cybersecurity community. The plan aligns with the goals outlined in President Ursula von der Leyen’s political guidelines for the 2024–2029 Commission mandate, emphasizing the prioritization of cybersecurity in critical sectors.
Scheduled for phased implementation between 2025 and 2026, the plan proposes actionable measures in collaboration with Member States, healthcare organizations, and cybersecurity experts. Among its ambitious goals is the establishment of a pan-European Cybersecurity Support Centre specifically for hospitals and healthcare providers.
The Support Centre will offer a wide range of tailored services, including the development of cybersecurity best practice guidelines and procurement standards, the creation of a regulatory mapping tool to navigate the complex legal landscape, and the implementation of EU-wide capabilities for detecting cyber threats targeting healthcare infrastructure. It will also introduce an early-warning service for the healthcare sector and formulate cyber incident response playbooks to address potential threats efficiently.
The plan builds upon the EU’s existing cybersecurity framework, including regulations such as the NIS2 Directive, the Cybersecurity Act, the Cyber Resilience Act, and the Cyber Solidarity Act. These legislative tools provide the foundation for enhancing the resilience of critical sectors like healthcare while addressing the varied needs of individual Member States.
ENISA emphasized that achieving the goals outlined in the Action Plan requires a collaborative effort and sufficient resources. The agency highlighted the importance of tailored solutions to meet the unique challenges faced by each Member State, ensuring a harmonized approach to strengthening cybersecurity across the EU.
One of the plan’s primary objectives is to create a robust system for detecting and responding to cyber threats. With the increasing reliance on digital technologies in healthcare, the risks posed by cyberattacks on hospitals and patient data have become more pronounced. The proposed measures aim to mitigate these risks through proactive monitoring, training, and advanced cybersecurity tools.
The initiative also underscores the necessity of capacity building. By equipping healthcare providers with the right tools, training, and resources, the plan aims to foster a culture of cybersecurity awareness and preparedness within the sector.
ENISA’s role in this effort will be pivotal, acting as a bridge between regulatory frameworks and on-the-ground implementation. By aligning with the strategic goals of the EU, the agency hopes to set a global benchmark for healthcare cybersecurity.
As cyber threats evolve, the EU’s commitment to safeguarding its healthcare sector demonstrates its dedication to protecting critical infrastructure and ensuring the safety of its citizens. The collaborative efforts envisioned in this Action Plan mark a significant step forward in building a resilient and secure digital healthcare ecosystem.