The European Union has taken action to address the increasing number of cyberattacks targeting hospitals and the healthcare sector. With the rise of cybersecurity breaches in the healthcare industry, particularly during the COVID-19 pandemic, countries like Ireland, France, the UK, and Finland have faced significant incidents. In response to this growing threat, the European Commission has unveiled a new action plan to enhance cybersecurity measures and protect healthcare facilities.
Henna Virkkunen, a key figure in the European Commission focused on technology and security, has underscored the importance of providing support to the healthcare sector in light of the escalating cyberattacks. The Commission’s action plan entails the establishment of a European Cybersecurity Support Center within ENISA, the EU’s cybersecurity agency. This center will offer hospitals various resources, including early warning systems, vulnerability assessments, and guidance on incident response. While the exact amount of additional funding for ENISA has yet to be determined, the goal is to enhance cybersecurity capabilities and preparedness in healthcare settings.
One of the central components of the plan is the introduction of a rapid response service tailored for the healthcare sector, utilizing the EU Cybersecurity Reserve established under the Cyber Solidarity Act. This service aims to provide immediate support during cyber emergencies, ensuring a swift and effective response to cyber threats. Moreover, the plan includes the implementation of “cybersecurity vouchers” to assist small hospitals and healthcare providers in strengthening their cybersecurity defenses. These vouchers will offer financial assistance for cybersecurity measures, although specific funding details are still being finalized.
In a bid to promote transparency and combat ransomware attacks, the Commission is proposing a policy requiring healthcare organizations to disclose ransom payments or intentions to pay. This measure seeks to shed light on the prevalence of ransomware incidents and aid the Commission in devising strategies to counter such criminal activities. Additionally, the plan aims to broaden access to decryption tools, enabling organizations to recover data without resorting to paying ransoms. The EU is set to engage member states and healthcare entities for input on the plan’s specifics, with full implementation anticipated later this year.
The launch of this comprehensive action plan signifies the EU’s commitment to safeguarding healthcare facilities from cyber threats and ensuring the resilience of the healthcare sector in the face of escalating cybersecurity challenges. By bolstering cybersecurity capabilities, providing financial support, and promoting transparency, the European Union is taking proactive steps to enhance the cybersecurity posture of hospitals and healthcare providers across the region.