A healthcare sector resilient to cyber threats Digitalisation has revolutionised healthcare, improving patient services through innovations such as electronic health records, telemedicine, and AI-driven diagnostics. However, cyberattacks can have severe consequences, including delays in medical procedures, gridlocks in emergency rooms, and disruptions to vital services.The healthcare sector is one of the most targeted by cyberattacks, with an increasing number of incidents in recent years — more than in any other critical sector in the EU. Key figures 309 incidents affecting cybersecurity in the health sector were reported in 202354% of cyberattacks in the health sector involve ransomware To address this, the EU is taking action to protect healthcare as critical infrastructure. A new European action plan aims to ensure that healthcare systems, institutions, and connected medical devices are resilient against cyber threats, safeguarding patient safety and trust in digital.The action plan was among the first initiatives that the Commission presented during the first 100 days of the new mandate, as announced by President von der Leyen in her political guidelines. What does the action plan propose? The European action plan builds on existing legislation and aims to establish a pan-European cybersecurity support centre for hospitals and healthcare providers, offering tailored guidance, tools, services, and training. It is based on 4 priorities:Enhanced prevention. The plan helps to build the healthcare sector's capacities to prevent cybersecurity incidents through enhanced preparedness measures such as guidance on implementing critical cybersecurity practices. Secondly, the Member States may also introduce cybersecurity vouchers to provide financial assistance to micro, small, and medium-sized hospitals and healthcare providers. Finally, EU will also develop cybersecurity learning resources for healthcare professionals.Better detection and identification of threats. The cybersecurity support centre for hospitals and healthcare providers will develop an EU-wide early warning service, delivering near-real-time alerts on potential cyber threats, by 2026.Response to cyberattacks to minimise impact. The plan proposes a rapid response service for the health sector under the EU cybersecurity reserve. Established in the Cyber Solidarity Act, the reserve provides incident response services from trusted private service providers. As part of the plan, national cybersecurity exercises can take place along with the development of playbooks to guide healthcare organisations to respond to specific cybersecurity threats, including ransomware. Member States are encouraged to request reporting of ransom payments from entities, to be able to provide them the support they need and allow follow-up by law enforcement authorities.Deterrence: protecting European healthcare systems by deterring cyber threat actors from attacking them. This includes the use of the cyber diplomacy toolbox, a joint EU diplomatic response to malicious cyber activities. What's in it for you?The action plan will create a safer and more secure environment for patients, ensuring that: personal data and medical records are protectedhealthcare services are not disrupted by cyberattackstrust is strengthened in healthcare providers, who are taking steps to prevent and respond to cyber threats How will it work? The action plan will be implemented in close collaboration with healthcare providers, the healthcare sector, Member States and the cybersecurity community, with the European Union Agency for Cybersecurity (ENISA) at its centre.The Commission ran a targeted consultation for the action plan in 2025 that collected views from relevant parties and citizens. The results of this consultation are published in a summary report. Next steps 2025 Q1Set up a joint health cybersecurity advisory board2025 Q2Begin work to establish a European cybersecurity support centre for hospitals and healthcare providersLaunch of a stakeholder consultation – results summary2025 Q4 First meeting of joint health cybersecurity advisory boardPresent recommendations to further refine the action plan2025-2026Roll out specific actions outlined in the planCarry out an annual health cyber maturity assessment Related links A new plan for Europe's sustainable prosperity and competitivenessAction plan on the cybersecurity of hospitals and healthcare providersCybersecurityEuropean Union Agency for Cybersecurity (ENISA) This page was last updated on 12 March 2026
Digitalisation has revolutionised healthcare, improving patient services through innovations such as electronic health records, telemedicine, and AI-driven diagnostics. However, cyberattacks can have severe consequences, including delays in medical procedures, gridlocks in emergency rooms, and disruptions to vital services.The healthcare sector is one of the most targeted by cyberattacks, with an increasing number of incidents in recent years — more than in any other critical sector in the EU.
It is based on 4 priorities:Enhanced prevention. The plan helps to build the healthcare sector's capacities to prevent cybersecurity incidents through enhanced preparedness measures such as guidance on implementing critical cybersecurity practices. Secondly, the Member States may also introduce cybersecurity vouchers to provide financial assistance to micro, small, and medium-sized hospitals and healthcare providers. Finally, EU will also develop cybersecurity learning resources for healthcare professionals.Better detection and identification of threats. The cybersecurity support centre for hospitals and healthcare providers will develop an EU-wide early warning service, delivering near-real-time alerts on potential cyber threats, by 2026.Response to cyberattacks to minimise impact. The plan proposes a rapid response service for the health sector under the EU cybersecurity reserve. Established in the Cyber Solidarity Act, the reserve provides incident response services from trusted private service providers. As part of the plan, national cybersecurity exercises can take place along with the development of playbooks to guide healthcare organisations to respond to specific cybersecurity threats, including ransomware. Member States are encouraged to request reporting of ransom payments from entities, to be able to provide them the support they need and allow follow-up by law enforcement authorities.Deterrence: protecting European healthcare systems by deterring cyber threat actors from attacking them. This includes the use of the cyber diplomacy toolbox, a joint EU diplomatic response to malicious cyber activities.
