European action plan on the cybersecurity of hospitals and healthcare providers

Key points

The EESC:

• welcomes the level of ambition of the European action plan on the cybersecurity of hospitals and healthcare providers and the attention being given to this subject. Improving cybersecurity in the health sector improves general security and resilience and contributes to the Preparedness Union.
• regrets that the issue of financial support for the implementation of the action plan currently remains unaddressed. The EESC encourages the Commission to assure a thematic concentration for financial support via the cohesion funds;
• notes the EUR 6 million in support for ENISA, but underlines that the funding is inadequate in view of the importance of what is at stake;
• recommends raising awareness of basic digital hygiene practices; investing in digital twins for hospitals, healthcare systems or medical devices to facilitate assurance and testing; providing technical assistance to medical units without IT services; investing in strategic technical capabilities;
• wishes to draw attention to a set of precautionary and preventive measures that should improve the level of protection in the healthcare sector and reduce the risk of cyberattacks: carrying out appropriate tests; development of business continuity plans, updated and reviewed regularly, both internally and externally by independent auditors; monitoring best practice in monitoring and remediation;
• recommends continuous learning and training plans developed with the social partners, and mechanisms for knowledge transfer between the diverse entities and professional stakeholders to address challenges in cybersecurity, ethics, privacy and AI.