The digital transformation of healthcare—through innovations like electronic health records, telemedicine, and AI-powered diagnostics—is significantly improving service quality. However, it also increases the risk of cyberattacks that can disrupt critical operations, cause delays, and even endanger patients’ lives.
According to European Commission data, the healthcare sector recorded 309 major cybersecurity incidents in 2023, more than any other critical sector.
EU action plan
In response to this growing threat, the European Commission has issued an announcement titled “European Action Plan for the Cybersecurity of Hospitals and Healthcare Providers”, shared with the European Parliament, the Council, the European Economic and Social Committee, as well as the Committee of the Regions.
At the same time, the EU Agency for Cybersecurity (ENISA) is set to establish a pan-European Support Hub to offer tailored guidance, tools, services, and training to healthcare providers across the EU.
The action plan and relevant national-level measures to protect Cyprus’ hospitals from cyber threats were discussed yesterday in the House Health Committee, in the presence of representatives from the Ministry of Health, the Deputy Ministry of Research, Innovation and Digital Policy, the National eHealth Authority, the Digital Security Authority (DSA), and the European Commission Representation in Cyprus.
The EU’s four strategic pillars:
Prevention
The Commission proposes readiness measures including guidance on implementing essential cybersecurity practices and the development of learning resources for healthcare professionals. A “cybersecurity voucher” scheme is also being considered to support small and medium-sized hospitals and care providers financially.
Detection and Early Warning
By 2026, the Cybersecurity Support Hub will launch a pan-European early warning system, providing near real-time information on potential cyber threats to hospitals and healthcare institutions.
Response to Cyberattacks
The action plan includes the establishment of a rapid response service within the EU’s cybersecurity reserve to handle incidents in the healthcare sector. Trusted private providers will be mobilised to manage emergencies. National cybersecurity exercises will also be carried out, along with the publication of response handbooks for specific threats such as ransomware. Member states are encouraged to report any ransom payments, facilitating law enforcement efforts and support.
Deterrence
The EU’s cyber diplomacy toolbox will be used to strengthen deterrence. This framework allows for a unified diplomatic response to malicious cyber activities targeting Europe’s health systems.