
The European Union is stepping in to help hospitals and healthcare providers combat increasing cyberattacks.
According to Politico*, the European Commission has unveiled an “action plan” to enhance cybersecurity in the sector, which includes additional funding for securing hospitals’ technical infrastructure, guidance on applying existing rules like the EU’s NIS2 cybersecurity directive, and improved information-sharing.
Since the 2020 coronavirus pandemic, the healthcare sector has faced numerous cyberattacks, causing widespread panic in countries like Ireland, France, the UK, and Finland. One notable attack in Germany in 2020 even led to a murder investigation after a patient died during a hospital transfer. Stavros Lambrinidis, the EU’s ambassador to the UN, highlighted the escalating threat of ransomware attacks on healthcare, noting that such attacks occur every 11 seconds and could increase to every 2 seconds by 2031. These attacks jeopardize patient safety, destabilize healthcare systems, and strain hospital budgets, with the median cost of a major security incident in the health sector being €300,000.
The publication of the European Action Plan aims to support EU Member States in countering the scourge of cyberattacks against hospitals and healthcare providers across the bloc. It is saddening that criminals stoop so low as to target the sick and vulnerable.
Of particular interest is the establishment of a European Cybersecurity Support Centre for Hospitals and Healthcare Providers under ENISA, along with the EU-wide early warning service aimed at providing near-real-time alerts for rapid threat detection and a rapid incident response capability. The allocation of dedicated funds to enhance cybersecurity measures, including training and tools, will be appreciated. It is also positive to see active efforts to further enhance collaboration with Europol, particularly through the NoMoreRansom Project, which ESET is part of.
The plan also introduces measures such as a Cybersecurity Voucher Programme for smaller providers, secure cloud migration support, and enhanced supply chain security under the Cyber Resilience Act. Any initiative that helps this crucial sector fortify itself against such attacks is welcome.
by Andy Garth, ESET
