In January 2025, the European Commission launched a comprehensive action plan to improve the cybersecurity of hospitals and healthcare providers across the EU. As healthcare systems increasingly become targets of cyber and ransomware attacks, this plan aims to strengthen the security of our health systems.
The action plan is structured around four pillars:
- Prevent: Building capacities to prevent cybersecurity incidents through enhanced preparedness measures, including risk management, risk assessment, and cybersecurity training for healthcare professionals.
- Detect: Enhancing threat detection capacity with better detection tools, including an EU-wide early warning subscription service for the healthcare sector, to be developed by 2026.
- Respond and recover: Ensuring the availability of the EU Cybersecurity Reserve, incident response services, and national cybersecurity exercises to help address significant or large-scale cybersecurity incidents.
- Deter: Supporting the goal of deterring cyber threat actors from attacking European healthcare systems through various measures, including the Cyber Diplomacy Toolbox.
The action plan is designed to be implemented in collaboration with healthcare providers, Member States, and the cybersecurity community. A stakeholder consultation will be launched soon to gather feedback and refine the plan's most impactful actions.
Take Action: The European Commission invites healthcare stakeholders to participate in the consultation and provide feedback to help shape the future of cybersecurity in the healthcare sector.