The European Commission is presenting an action plan to strengthen cybersecurity in healthcare as one of its key priorities in the first 100 days of the commission’s new mandate.

The healthcare sector has been under increasing pressure from cyberattacks in the past few years, with 309 cybersecurity incidents reported by member states in 2023. Ransomware tops the list of cyber threats for healthcare organizations, as cybercriminals recognize healthcare operations are critical and healthcare data is highly sensitive.

The EU’s Action Plan for hospitals and healthcare providers is the first sector-specific plan to use all EU cybersecurity measures.

New EU Commissioner for Technical Security and Democracy Henna Virkkunen said that modern healthcare has made incredible progress through digital transformation, which has meant that citizens have received better healthcare.

“Unfortunately, healthcare systems are also exposed to cybersecurity incidents and threats. That is why we are launching an action plan to ensure that healthcare systems, institutions and connected medical devices are resilient,” she said. “Prevention is better than cure, so we must prevent cyberattacks from happening. But if they do happen, we must have everything in place to detect them and to be able to respond quickly and recover.”

One of the proposals is for EU cybersecurity agency Enisa to establish a support center where hospitals and other healthcare providers can receive guidance, tools, services, and training.

The plan consists of four basic priorities.

Firstly, it is about improving preventive work, for example by providing guidance on how to implement critical cybersecurity practices. Member states should introduce cybersecurity vouchers to financially support small and midsize hospitals and healthcare providers and train healthcare staff in cybersecurity.

In order to be able to react more quickly, it is proposed that a service to warn of potential cyber threats in near real-time should be in place by 2026.

Third, it aims to strengthen the response to attacks to reduce damage by providing incident management services from trusted private service providers. Member states are also encouraged to require the reporting of extortion payments.

The fourth and final area is about deterring threat actors by going on the offensive against them and using the tools available for cyber diplomacy, which means a joint diplomatic response from the EU against malicious cyber activity.

A public consultation on the new action plan between EU states, healthcare providers, and the cybersecurity industry is under way, with further recommendations expected by the end of the year. Specific measures are expected to be introduced in 2025 and 2026.

First seen on csoonline.com
Jump to article: www.csoonline.com/article/3805122/healthcare-most-vulnerable-to-cyber-threats-eu-launches-action-plan.html