European action plan on the cybersecurity of hospitals and healthcare providers - Related links

European Commission & Joint Research Centre

Most recent actions

• Action plan on cybersecurity of hospitals and healthcare providers – European Commission Communication (15 January 2025);
• Cybersecurity of hospitals and healthcare providers – European Commission Fact sheet (15 January 2025);

Other actions

• How to master Europe's digital infrastructure needs? – European Commission White Paper (2024);
• State of Digital Decade 2024 – European Commission Communication (2 July 2024);
• Laying down measures to strengthen solidarity and capacities in the Union to detect, prepare for and respond to cybersecurity threats and incidents (Cyber solidarity Act) - European Commission Proposal for a Regulation (18 April 2023)
• Establishing a European Declaration on Digital rights and principles for the Digital Decade – European Commission Communication (26 January 2022);
• 2030 Digital Compass: the European way for the Digital Decade – European Commission Communication (9 March 2021).

JRC

• Cyber security in the health and medicine sector: a study on available evidence of patient health consequences resulting from cyber incidents in healthcare settings - Joint Research Centre Report (2024) ;

European Parliament and Council of the European Union

• Artificial intelligence (AI) act: Council gives final green light to the first worldwide rules on AI - Consilium (Press releases – 2024);
• Future-proofing the EU’s global health strategy (In-depth analysis, 2024) ;
• European health data space (Briefing – 2024)
• Medicines and Medical Devices (Fact Sheet – 2024);
• The protection of mental privacy in the area of neuroscience – Societal, legal and ethical challenges (Study – 2024) ;
• Artificial Intellingence in healthcare (Study – 2022);
• Measures for a high common level of cybersecurity across the Union (NIS 2 Directive) – Directive (14 December 2022);
• Metaverse (2022);
• Path to the digital decade programme (briefing – 2022);
• Artificial intelligence act (Briefing – 2021).
• The EU Cybersecurity Act (Summary of Regulation (EU) 2019/881 (Cybersecurity Act) – 2019)
• Digitalisation and Big Data : Implications for the health sector (Workshop – 2018) ;

Additional Articles, Studies and Reports

ENISA

• State of Cybersecurity in the Union, Report ENISA (2024);
• Foresight Cybersecurity threats for 2030, Executive Summary, ENISA (2024);
• Cybersecurity Policy Assessment, Report, ENISA (2024);
• ENISA Threat Landscape: Health Sector (2023);
• Cybersecurity and Privacy in AI – Medical Imaging Diagnosis, Report, ENISA (2023);
• A governance framework for national cybersecurity strategies, Report, ENISA (2023);
• Cloud Security for Healthcare Services Report, ENISA (2021);
• CSIRT Capabilities in Healthcare sectors, Report, ENISA (2021);
• Procurement Guidelines for Cybersecurity in Hospitals, Report, ENISA (2020).

PANACEA Healthcare Cybersecurity Advisory Services

• Cyberthreats in Hospitals: a Toolkit for People-Centric Cybersecurity, Article, PANACEA (2021);
• Cyber-risk in Healthcare: Exploring Facilitators and Barriers to Secure Behaviour, Article, PANACEA (2020);
• Cybersecurity in healthcare : a narrative review of trends, threats and ways forward, Report, PANACEA (2018).

International Organisations

• Health Data Governance for the Digital Age (OECD, 2016 – 2021);
• Recommendations on Digital interventions for health system strengthening (WHO, 2019).

National Agencies

• Cybersécurité acceleration et Résilience des Établissements (CaRE) -Action Plan, French Digital Health Agency (2023);
• Healthcare sector cybersecurity – Strategy of the U.S Department of Health and Human Services - Action plan, USA Department of Health and Human Services (December 2023).

Private sectors

• Microsoft Digital Defense Report 2024 (Report, Microsoft – 2024).

European Economic and Social Committee

General

• CCMI/231: The contribution of the robotics metaverse in the medical sector (Ongoing - 2025);
• SOC/801: Devising a European flagship initiative for health (2024);
• SOC/790: Fostering opportunities and managing risks from new technologies for public services, the organisation of work and more equal and inclusive societies | EESC (2024);
• CCMI/235: Industrial changes in the health sector in the face of multiplying crises (2024)
• CCMI/202: Proposal for an EU cyber defence policy | EESC (2023);
• CCMI/217: Cyber Solidarity Act (2023)
• CCMI/195: Implications of the European Chips Act for defence and aerospace manufacturing | EESC (2022);
• INT/990: European Health Data Space | EESC (2022);
• INT/999: Cyber Resilience Act (2022) ;
• INT/980: Digital Sovereignty: a crucial pillar for EU’s digitalisation and growth | EESC (2022);
• INT/978: Data act | EESC (2022);
• INT/976: Digital Decade Principles | EESC (2022);
• INT/961: Decision of the European Parliament and of the Council establishing the 2030 Policy Programme “Path to the Digital Decade” | EESC (2022);
• INT/945: Developing Artificial Intelligence in European micro, small and medium-sized enterprises (MSMEs) | EESC (2022);
• INT/942: Exploiting the economic and social opportunities of digitalisation and improving the digital transformation of the economy, especially the SMEs, focusing on human-centered artificial intelligence and data | EESC (2021);
• TEN/730: Cybersecurity and Resilience of Critical Entities (2021) ;
• CCMI/165 : Economic, technological and social changes in advanced health services for the elderly (2019);
• TEN/646: Cybersecurity Act (2018) ;
• CCMI/128: Biomedical engineering and care services | EESC (2015).