
European action plan on the cybersecurity of hospitals and healthcare providers

This action plan predominantly focuses on the cybersecurity of hospitals and healthcare providers, understood as any natural or legal person -- or any other entity -- legally providing healthcare on the territory of a Member State3. Hospitals and healthcare providers are interdependent with other health entities, and they are closest to people. At the same time, measures to enhance the cybersecurity of hospitals and healthcare providers should also address risks affecting the broader supply chain and ecosystem, stemming for instance from entities that use health data for research and machine learning or that produce medical devices, in particular digitally enabled medical devices that connect to the internet or other devices ("internet of things").

The focus of the Action Plan is on building the sector's capacities to prevent cybersecurity incidents in the first place, because prevention is always better than the cure. Secondly, the Action Plan details actions to improve cybersecurity information-sharing and capability to detect cyber threats, allowing a faster reaction. Thirdly, it provides measures to better respond to incidents, and to recover from them. Finally, the Action Plan envisages ways to deter cyber threat actors from launching attacks against health systems in Europe.

::: admonition Info