27/08/2025

Cyber criminals have made Europe’s healthcare sector one of their favourite targets, with ransomware and supply chain attacks putting hospitals and patients at serious risk.
Earlier this year, we shared our first take in Healthcare Security: The EU’s Action Plan.
This healthcare security update looks at how the plan is being phased in over the next two years and what healthcare organisations should expect beyond 2026. This plan is not just another piece of guidance. It is a coordinated EU-wide initiative designed to strengthen resilience, build skills, and provide rapid support in the event of an attack.
Written by Rob Nidschelm.
What the Action Plan Includes
A European Cybersecurity Support Centre
A dedicated centre will provide direct support to hospitals and other providers. It will act as a hub for incident preparedness, detection, and response. Pilot projects will be launched across member states to test best practices for cyber hygiene, risk assessment, and continuous monitoring.
Mapping the Regulatory Landscape
Healthcare organisations face a patchwork of legislation. The Action Plan includes a regulatory mapping tool to help providers navigate NIS2, GDPR, the Cyber Resilience Act, and other overlapping rules. In parallel, a coordinated risk assessment will be carried out with a focus on medical devices and cloud-based patient data.
Incident Response and the Cybersecurity Reserve
The Cyber Solidarity Act gives hospitals access to trusted private providers in times of crisis. A healthcare-specific cyber playbook will be created, alongside regular EU-level cyber exercises. With ransomware accounting for more than half of healthcare incidents in recent years, the importance of these measures cannot be overstated. Under NIS2, any ransom payments will also need to be reported.
Early Warning System
An EU-wide early warning service will provide near-real-time alerts of threats specific to the healthcare sector. Hospitals will share incident notifications with ENISA via the Support Centre, ensuring that intelligence is rapidly distributed.
Workforce and Governance
Cybersecurity teams in healthcare are chronically understaffed. According to ISC2, three-quarters of professionals highlight staffing gaps as a major risk. To address this, the Action Plan introduces a European Health CISOs Network to connect leaders, share expertise, and build collective resilience.
Timeline of Key Actions
Phase 1: 2025–2026 (Initial Roll-Out)
| Timeframe | Key Actions |
| --- | --- |
| January 2025 | Official launch of the Action Plan; consultations with stakeholders begin. |
| Q2 2025 | First pilot projects on hospital cyber hygiene and incident readiness. |
| Mid-2025 | Establishment of the European Cybersecurity Support Centre. |
| Q3 2025 | Roll-out of the EU-wide healthcare early warning service and threat alerts. |
| Q4 2025 | First coordinated supply chain risk assessment; refined recommendations issued. |
| Early 2026 | Release of the healthcare cyber incident response playbook; EU-wide cyber drills begin. |
| Throughout 2026 | Ongoing deployment of response and recovery tools, including rapid response services and decryption repositories. |
Phase 2: Beyond 2026 (Strategic Expansion)
| Timeframe | Key Actions |
| --- | --- |
| Late 2026 – 2027 | Additional recommendations published by the Commission, building on pilot results and consultations. |
| Post-2026 (ongoing) | Continued work of the Health Cybersecurity Advisory Board and national support centres. |
| 2027 and beyond | Development of a European cybersecurity single market, with clearer budgets, measurable targets, and expanded EU-wide cyber exercises. |
| 2030–2035 | Transition towards post-quantum cryptography adoption across critical healthcare systems. |
| Continuous | Integration of healthcare security into broader EU frameworks, including NIS2, the Cyber Resilience Act, and the Cyber Solidarity Act, with evolving mandates as required. |
Broader Legislative Context
The Action Plan complements recent EU regulations that are reshaping the security landscape:
- NIS2 Directive (in force since December 2022): Expands requirements for essential sectors including healthcare, with harmonised rules for incident reporting.
- Cyber Resilience Act (CRA) (adopted October 2024): Focuses on products with digital elements such as medical devices, requiring vulnerability management and security updates.
- Digital Operational Resilience Act (DORA) (effective January 2025): Targets the financial sector but also impacts ICT service providers in healthcare ecosystems.
Why This Matters
Hospitals cannot afford downtime. A ransomware attack that takes patient records offline or disrupts connected devices can put lives at risk. The EU Action Plan represents a shift from reactive responses to structured resilience building. By creating a support centre, a CISO network, and a playbook backed by real-time intelligence, Europe is taking a major step toward safeguarding healthcare.
At Getronics, we help healthcare providers align with NIS2, DORA, ISO 27001 and sector-specific guidelines. Our Managed Security Services, threat intelligence, and incident response expertise can support organisations as they prepare for the new European landscape. We take every healthcare security update seriously, so that we can provide consistent, up-to-date support.