The European Union has announced new measures to tackle the growing threat posed to hospitals and the broader healthcare sector by an increase in cyberattacks.
Such attacks include data breaches or ransomware - a form of digital blackmail in which hackers encrypt files or block services, demanding users pay to regain access.
World Health Organization Director-General Tedros Adhanom Ghebreyesus warned in November that such ransomware attacks on hospitals "can be issues of life and death" as the agency and 50 countries raised concerns at the United Nations about the rising threat.
There were 309 "significant cybersecurity incidents" affecting the EU's healthcare sector in 2023, the European Commission said, more than any other critical industry in the bloc.
The EU warned that hospitals and healthcare providers are "particularly vulnerable" to such threats, which can disrupt treatment and risk patients' data safety.
Prevention is better than cure.
— European Commission (@EU_Commission) January 15, 2025
Today, we introduce the Action Plan on Cybersecurity to protect hospitals and patients.
It will:
✅ Prevent attacks
✅ Detect threats early
✅ Respond quickly
✅ Deter attackers
Together, we're securing the future of digital healthcare.
Planned measures include setting up a pan-European cybersecurity support centre for hospitals and healthcare providers.
The proposal aims to encourage hospitals to secure data with robust backup systems, to train staff to better respond to cyber threats and help healthcare providers avoid paying ransoms.
The EU will expand ransomware decryption tools to support recovery from cyberattacks as part of the plan that seeks to protect uninterrupted care for patients.
It also urges the bloc's 27 member states to prepare national plans to bolster cybersecurity in the sector, taking into account the specific risks in each country.
The commission said it would discuss the threats further with the sector to create a "more detailed and targeted" plan by the end of the year.
"Prevention is better than cure, so we need to prevent cyberattacks from happening. But if they happen, we need to have everything in place to detect them and to quickly respond and recover," the EU's Commissioner for Technological Sovereignty, Henna Virkkunen, said in a statement.
"Patients must feel confident that their most sensitive information is secure. Healthcare professionals must have faith in the systems they use daily to save lives," Commissioner for Health, Oliver Varhelyi, said.
