National governments reported 309 significant cybersecurity incidents affecting the health care sector in 2023 — more than in any other critical sector, the Commission said.
The plan is a key pledge of Commission President Ursula von der Leyen — a medical doctor herself — to be completed during the first 100 days of her second term.
The plan proposes setting up a European Cybersecurity Support Center for hospitals and the health care sector at the EU’s cybersecurity agency ENISA. That support center will provide tools and services including an early warning system, testing and assessing hospitals’ cybersecurity standards, sharing information about vulnerabilities that hackers are exploiting and guidance on how to respond to incidents.
ENISA will get extra funding for this, an EU official granted anonimity to discuss details of the plan told reporters in Brussels. But exactly how much funding — like many other elements of the plan — is yet to be decided.
Asked whether the plan will involve new funding, Virkkunen said that “always more funding would be welcome,” adding this is something that will be discussed in upcoming consultations with EU countries.
The Commission also plans to set up a rapid response service specifically for the health sector, to be organized via the EU Cybersecurity Reserve, an emergency response mechanism that’s part of another EU cyber law, the Cyber Solidarity Act.
