The European Union has announced an “action plan” to bolster cybersecurity in the health care sector following a surge in cyberattacks on hospitals across member states since 2020.
The initiative, revealed by the European Commission, aims to provide early warnings, rapid response teams, and enhanced support for hospitals.
In 2023, national governments reported 309 significant cyber incidents targeting health care—the highest among critical sectors. The plan includes establishing a European Cybersecurity Support Center under ENISA, the EU’s cybersecurity agency, to assist hospitals with tools like vulnerability assessments, incident response guidance, and an early-warning system.
To support smaller hospitals, the plan introduces “cybersecurity vouchers” for improving resilience, although funding details remain undecided. A rapid response service will also be created via the EU Cybersecurity Reserve.
The Commission is encouraging health care organizations to report ransomware payments and plans to enhance access to decryption tools, reducing reliance on ransom payments. Consultations on the plan will take place throughout 2025.
