Dedicated action to reinforcing hospitals and healthcare providers

• Mapping of common cybersecurity needs of hospitals and healthcare providers.
• Guidelines for healthcare providers to assess their current state of cybersecurity protection and relevant needs.
• Technical cybersecurity plans to enhance preparedness and cyber resilience: improved detection and response capabilities for healthcare institutions minimising the impact of cyberattacks, particularly for ransomware. This also includes dedicated training courses to staff.
• Pilot cybersecurity demo installations at partner hospitals and healthcare provider sites to ensure hospitals and healthcare providers can maintain operational continuity in the face of cybersecurity incidents. This should be monitored through specific KPIs.
• Wide dissemination campaigns to help scale up preparedness of hospitals and healthcare providers in Europe.

This action aims to strengthen the cybersecurity of hospitals and healthcare providers. The goal is to ensure that hospitals and healthcare providers, which are crucial operators in the health sector, can effectively detect, monitor, and respond to cyber threats, particularly ransomware, which pose significant risks, thereby enhancing the resilience of the European healthcare system.

The action will contribute to the EU action plan on cybersecurity in hospitals and healthcare, adopted by the Commission¹ in January 2025.

¹ https://commission.europa.eu/cybersecurity-healthcare_en

This action addresses the growing need for continuous cybersecurity monitoring, threat intelligence, and incident response in hospitals and healthcare providers, which often lack dedicated cybersecurity resources to adequately protect themselves from cyber threats.

The action will support pilot projects, which will bring together stakeholders such as regional and/or national clusters associations¹ of hospitals and healthcare providers (such as national healthcare systems, hospitals or associations of hospitals, healthcare providers and/or professional associations of healthcare practitioners), as well as cybersecurity service providers.

The pilot projects will define the state of preparedness of clusters of hospitals and healthcare providers in the European Union, to be able to assess their needs. Based on this analysis, they will prepare an overview of the state-of-the-art cybersecurity solutions and resources needed (technologies, services, tools, human resources, training needs, etc.) for hospitals and healthcare providers to meet the scope of the action. These may include, for example: Security Operation Centres offering real-time monitoring, threat detection, and rapid incident response, and advanced cybersecurity tools, such as Security Information and Event Management (SIEM) platforms, threat intelligence, and automated response capabilities, among others.

The pilots will develop technical plans, tailored to the needs of representative hospitals and healthcare providers (e.g. small or large hospitals, private healthcare providers, etc.) which will also need to include best implementation recommendations and cost estimates for effective deployment.

The pilot projects will conduct a demo implementation of these technical plans to demonstrate their effectiveness in operations at the stakeholders’ sites, showcasing different use cases for different user groups at small, medium and large hospitals and healthcare providers, at least in two different Member States.

The pilot projects will serve as demonstration projects and will also provide cybersecurity education and training to the staff of their partner hospitals and healthcare providers, enhancing awareness and ensuring best practices in safeguarding sensitive healthcare information.

Finally, in cooperation with each other, the pilot projects will undertake wide dissemination activities of best practices across the EU, with the specific goal of helping replicate and scale up the pilots’ activities as widely as possible.

The pilot projects will support healthcare institutions complying with the NIS 2 Directive.

¹ ‘Cluster associations’ refers to any legally established group of hospitals and healthcare providers, such as regions and professional associations established in one or more Member States.