Answer given by Executive Vice-President Virkkunen on behalf of the European Commission
8.9.2025
In line with its Political Guidelines[1], the Commission adopted in January 2025, a European action plan on the cybersecurity of hospitals and healthcare providers[2].
The action plan sets out a range of measures and practical tools, strengthening the security of our healthcare systems. For example, the European Union Agency for Cybersecurity (ENISA) should develop a comprehensive service catalogue for the needs of hospitals and healthcare providers, outlining available services for preparedness, prevention, detection and response against cybersecurity threats, including ransomware attacks and disruptions of critical medical services .
It also sets out measures for financial support to hospitals and healthcare providers. The European Cybersecurity Competence Centre has opened a call for proposals for a dedicated action to reinforce hospitals and healthcare providers[3].
Member States are encouraged to take measures like Cybersecurity Vouchers for micro, small and medium-sized hospitals and healthcare providers, which could draw from EU funds.
For future actions, the Commission proposal for the European Competitiveness Fund[4] includes a focus on a high level of cybersecurity and on the digital transformation of healthcare.
Health is also a critical sector under Directive 2022/2555[5], which involves cross-border cooperation between Member States in various forums[6].
The action plan calls on ENISA, working with national authorities and drawing from the experiences of hospitals and healthcare providers, to develop a repository of available instruments at European, national and regional levels.
The Commission is committed to these efforts and intends to come forward with recommendations to further refine the action plan.
- [1] Political Guidelines for the Next European Commission 2024-2029 https://commission.europa.eu/document/e6cd4328-673c-4e7a-8683-f63ffb2cf648_en.
- [2] COM(2025) 10 final.
- [3] DIGITAL-ECCC-2025-DEPLOY-CYBER-08-CYBERHEALTH.
- [4] Proposal for a regulation of the European Parliament and of the Council on establishing the European Competitiveness Fund. COM(2025) 555 final.
- [5] Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union (NIS2 Directive).
- [6] For example through the Network and Information Systems Cooperation Group . See https://digital-strategy.ec.europa.eu/en/policies/nis-cooperation-group.