The European Commission has initiated a consultation on its January Action Plan, which was designed to enhance cybersecurity measures for hospitals and healthcare providers. The process seeks input from healthcare professionals, cybersecurity experts, policymakers, and the public. These contributions are crucial for developing robust strategies and effective solutions to protect sensitive medical data and ensure the uninterrupted operation of healthcare services.
Interested stakeholders must submit their feedback and suggestions by June 30, as this collaborative effort is vital to strengthening the overall cybersecurity framework within the healthcare sector.
“For the purpose of this survey, we use the term ‘healthcare providers’ to refer to entities legally providing healthcare on the territory of a Member State,” according to the consultation survey document. “This can include hospitals, as well as other healthcare providers (e.g., offices of General Practitioners). Furthermore, the questionnaire offers the opportunity to provide inputs regarding other types of entities in the health sector (e.g., manufacturers of medical devices).”
The document notes that the cybersecurity threat landscape evolves continuously, reflecting geopolitical tensions, criminal opportunism, and the vulnerabilities and risks that accompany the rapid digitalization of the healthcare sector’s critical infrastructure and services. The actions defined in the Action Plan aim to strengthen the cybersecurity maturity of the healthcare sector and the ability of the EU cybersecurity ecosystem to support healthcare entities in preventing, deterring, detecting, and responding to cyber threats.
The EU consultation document said that the survey is targeted at various stakeholders, such as healthcare IT professionals, managers in hospitals and healthcare providers, healthcare professionals, healthcare authorities, patients, compliance and data privacy professionals, the cybersecurity and healthcare industries, and academia. Some of the questions in the survey are optional. The multiple-choice questions take approximately 15 minutes to complete. Respondents may also add further written input.
The Action Plan envisages that a Support Centre for cybersecurity of hospitals and healthcare providers, to be established within the EU Agency for Cybersecurity (ENISA), will develop a catalogue of services supporting preparedness, prevention, detection and response. As part of the Action Plan, Member States should consider targeted measures such as cybersecurity vouchers for micro, small and medium-sized hospitals and healthcare providers. These vouchers would provide financial assistance to put in place specific cybersecurity measures. The document also covers the Medical Devices Regulation and the Regulation on in-vitro diagnostic medical devices, which set requirements for the cybersecurity of these devices in the internal market.
The Action Plan envisages the creation of a European Health CISOs Network, bringing together Chief Information Security Officers (CISOs) working for healthcare organizations. As a part of the Action Plan, the Support Centre should introduce an EU-wide early warning subscription service for the health sector, delivering near-real-time alerts about cyber threats. Organizations do not need to pay a subscription fee to benefit from the subscription service.
The EU Cybersecurity Reserve provides incident response services from trusted private providers to assist with significant or large-scale cybersecurity incidents and initial recovery efforts. The EU Cybersecurity Reserve should include a Rapid Response Service specifically for the health sector. Member States are encouraged to create national action plans focused on cybersecurity in the health sector.
The ENISA Support Centre can assist in developing these plans, taking into account already existing national plans and coordinating efforts to ensure that the resources and strategies of individual Member States complement each other. The Commission will launch a Health Cybersecurity Advisory Board with representatives from the healthcare and cybersecurity fields. The Advisory Board can provide its views on impactful actions for cybersecurity in the sector and discuss the further development of public-private partnerships.
Last week, the European Union recognized that its strategic autonomy and influence in space are shaped by evolving geopolitical dynamics, which can range from peaceful cooperation to competition or conflict among global powers. The agency highlights how the geopolitical landscape of space activities affects the EU’s current and future capabilities, with a strong focus on leveraging space for security and defense while addressing space-related risks.