As cyberthreats against healthcare surge, a new EU cybersecurity Action Plan emphasises proactive defence, enhanced training, and collective responsibility to safeguard patient care and medical infrastructure. Ransomware accounts for 54% of all breaches in healthcare, costing healthcare organisations an average of EUR 300,000 per incident, according to the European Union Agency for Cybersecurity (ENISA).
The ENISA report shows widespread cybersecurity deficiencies across healthcare organisations: 95% struggle with risk assessments, and 46% have never conducted one. What's more, 40% lack security awareness training for non-IT staff, and only 27% of organisations have a dedicated ransomware defence programme.
The European Commission unveiled a comprehensive Action Plan in January 2025. Central to the commission's strategy is establishing a pan-European Cybersecurity Support Centre under ENISA. The centre will provide healthcare institutions with tailored guidance, tools, training and services, including cybersecurity best practices, regulatory mapping tools, early warning services and incident response playbooks.
For the implementation to be effective, ENISA underscores the importance of collective action, recommending essential cybersecurity checks such as offline encrypted backups, comprehensive awareness training, strong vulnerability management and robust incident response plans.