On January 15, 2024, the European Commission unveiled a new initiative aimed at enhancing the cybersecurity of hospitals and healthcare providers across the EU. The European Action Plan on the Cybersecurity of Hospitals and Healthcare Providers focuses on boosting threat detection, preparedness, and crisis response within the healthcare sector.
The plan outlines a series of tailored actions to provide hospitals and healthcare organizations with the tools, services, training, and guidance needed to tackle increasing cybersecurity challenges. This initiative is the first sector-specific program to deploy the full range of EU cybersecurity measures. Key actions will be rolled out progressively in 2025 and 2026, with collaboration from Member States, healthcare providers, and the cybersecurity community.
Enhanced Ransomware Reporting
One of the significant measures proposed is that healthcare organizations, under the NIS2 Directive, will be required to report ransom payments when reporting cyber incidents. This change, aimed at gathering crucial data for investigating ransomware attacks, will help improve the effectiveness of cybersecurity measures across the sector.
Addressing Supply Chain Security
The Action Plan also highlights the growing challenge of managing ICT supply chains for connected medical devices and electronic health records. A coordinated security risk assessment of medical device supply chains will be conducted to identify risks and propose mitigating strategies.
Establishment of a European Cybersecurity Support Centre
A new European Cybersecurity Support Centre will be created within ENISA to support hospitals and healthcare providers. The Centre will develop guidelines for secure procurement, including managing third-party risks and overseeing cloud-based patient data systems.
Addressing the Cybersecurity Skills Gap
The Action Plan recognizes the urgent need to increase the number of qualified cybersecurity professionals in the healthcare sector. To address this, the plan promotes reskilling and upskilling, alongside the creation of a European Health CISOs Network for knowledge-sharing and collaboration.
Public-Private Collaboration
Public-private partnerships are emphasized throughout the plan, with the Commission set to establish a Health Cybersecurity Advisory Board. This Board will include representatives from both the healthcare and cybersecurity industries, ensuring that both sectors work together to strengthen resilience.
This new action plan marks a critical step in securing the healthcare sector’s digital infrastructure and ensuring that hospitals, clinics, and other healthcare providers are better prepared for evolving cyber threats. With specific measures rolling out over the next few years, the EU is poised to significantly enhance the cybersecurity posture of the healthcare industry, ensuring the safety of patient data and services across Europe.
The plan calls for coordinated efforts, ensuring that all stakeholders - government bodies, healthcare providers, and cybersecurity experts - work in unison to build a more secure healthcare environment. As this initiative progresses, industry stakeholders will have opportunities to engage, share insights, and help shape the future of healthcare cybersecurity in Europe.