EU unveils action plan to better protect healthcare cybersecurity

Cyber attacks on many countries’ healthcare sectors are alarmingly common. Although digital technology has improved and simplified healthcare processes in many ways, it has also had a negative impact on cybersecurity for patients and healthcare professionals alike. 

Much of this has to do with data. Healthcare facilities store a wealth of sensitive patient data, from social security numbers to medical histories. This information is valuable to threat actors, who can use it for all sorts of nefarious purposes, from monetization to identity theft. Healthcare facilities also tend to rely on legacy systems using out-of-date software. Some reasons for this include the perceived cost of updating, the possibility of disruptions, and the reluctance to change what works. Unfortunately, this makes many healthcare facilities incredibly vulnerable.

Beyond data breaches, hacking can disrupt important services, delay medical procedures, and create gridlocks in emergency rooms. In 2023, EU member states reported 309 significant cybersecurity incidents affecting the healthcare sector, exceeding the number of cybersecurity incidents reported by any other critical sector.

That’s why the newly formed EU Commission has developed an action plan to boost the cybersecurity of hospitals and healthcare providers. This will be a key priority during its first 100 days. 

The EU Commission’s action plan

The action plan aims to protect patients and healthcare professionals alike by creating a more secure environment in facilities across the union. To achieve this, the plan focuses on 4 key priorities:

Bolstering prevention: Enhancing the healthcare sector’s ability to prevent breaches by being better prepared to handle them, for example, by providing guidance on how to implement critical cybersecurity practices and learning resources for healthcare professionals. Member States may also provide financial help to micro, small, and medium-sized hospitals and healthcare providers. 

Improving threat detection and identification: The EU will launch a Cybersecurity Support Centre for hospitals and healthcare providers. By 2026, it also plans to develop an EU-wide early warning service for real-time alerts on potential cyber threats. 

Minimizing impact: Establish a rapid health sector response service under the EU Cybersecurity Reserve. Develop playbooks for healthcare professionals explaining how to respond to specific cyber threats and implement national cybersecurity exercises. Encourage entities to report ransom payments so they can receive the support they need.

Deterrence: Deterring cyber threat actors from attacking European healthcare systems by using the Cyber Diplomacy Toolbox, a joint EU diplomatic response to malicious cyber activities.

To ensure the plan is implemented effectively, the Commission will consult with Member States, the cybersecurity community, and healthcare providers, and seek input from the general public.
