EU tech commissioner Henna Virkkunen with EU healthcare commissioner Oliver Varhelyi, January 15, 2025. (Photo by Thierry Monasse/Getty Images)

Commission announces ‘action plan’ for EU health cyber attacks–but no funding

Ursula von der Leyen’s European Commission announced an “action plan” January 15 to respond to a sharp rise in cyberattacks against the EU health sector–but the plan did not include any funding.

Saying funding for cybersecurity was “limited” and “a universal challenge across the EU”, the plan called for establishing a European Cybersecurity Support Centre for hospitals and healthcare providers.

The centre, though, would not actually offer any support itself. 

It would, instead, create “a comprehensive service catalogue catering to the needs of hospitals and healthcare providers, outlining the range of available services for preparedness, prevention, detection, and response”.

“There can be no secure healthcare without cybersecurity,” said EU healthcare commissioner Oliver Varhelyi, who noted one in two European hospitals had fallen victim to a cyber attack.

France, Belgium, Spain, and Romania each saw ransomware attacks upon their hospitals in 2023 and 2024.

A February 2024 attack in France on two health insurance companies saw the personal data of approximately 33 million people, or half France’s population, compromised.

In March 2023, Barcelona’s main hospital cancelled thousands of appointments, after a ransomware attack left staff unable to access patients’ medical records.

In January 2024, 25 Romanian hospitals found their data was encrypted, with hackers requesting 3.5 bitcoin ($170,000 at the time) to decrypt it.

EU members had 309 significant cybersecurity incidents in their health sector in 2023, more than any other sector, the plan said.

Europe was now “the primary target for digital warfare,” with an 18 per cent annual increase in 2024 in the number of cyber-extortion incidents affecting European victims, said Swedish cybersecurity CEO Igor van Gemert in a LinkedIn post.

A European Commission account hailed the move as “a ground breaking action plan” on January 16.

The EU’s response to cyberattacks has not, though, drawn universal praise.

“Civil society has watched in puzzled wonderment as Europe sleepwalks into a mercenary spyware crisis,” researcher John Scott-Railton from the University of Toronto told the UN Security Council on January 14.

“Europe is an epicentre of spyware abuses and increasingly playing host to spyware companies,” he added.

The US had taken the global lead in countering ransomware botnets so far, admitted the EU cybersecurity agency ENISA in its September 2024 “Threat Landscape” report.

Qakbot, “one of the largest and longest-running botnets to date”, was taken down in August 2023 after a law enforcement operation led by the FBI.

The action plan now enters a consultation period before the Commission refines its ideas “in the fourth quarter of 2025”, after which the “comprehensive service catalogue” will appear.