This Action Plan was announced in President von der Leyen’s political guidelines as cybersecurity is a key priority of the EU.
Member States reported 309 significant cybersecurity incidents affecting the healthcare sector in 2023 – more than in any other critical sector.
In a nutshell, the action plan focuses on four priorities:
- Enhanced Prevention. The plan helps to build the healthcare sector’s capacities to prevent cybersecurity incidents through enhanced preparedness measures such as guidance on implementing critical cybersecurity practices. Secondly, the Member States may also introduce Cybersecurity Vouchers to provide financial assistance to micro, small, and medium-sized hospitals and healthcare providers. Finally, EU will also develop cybersecurity learning resources for healthcare professionals.
- Better detection and identification of threats. The Cybersecurity Support Centre for hospitals and healthcare providers will develop an EU-wide early warning service, delivering near-real-time alerts on potential cyber threats, by 2026.
- Response to Cyberattacks to minimise impact. The plan proposes a rapid response service for the health sector under the EU Cybersecurity Reserve. Established in the Cyber Solidarity Act, the Reserve provides incident response services from trusted private service providers.
- Deterrence: Protecting European healthcare systems by deterring cyber threat actors from attacking them. This includes the use of the Cyber Diplomacy Toolbox, a joint EU diplomatic response to malicious cyber activities.
The Action Plan will be implemented together with healthcare providers, Member States, and the cybersecurity community, and the Commission will soon launch a public consultation.
