
ENISA is working towards a cyber secure and resilient Health Sector in the EU.

The health sector has been increasingly targeted following the Covid-19 pandemic, which made it even more vulnerable to cyberattacks as EU citizens had to extensively resort to online services, thus expanding the attack surface and giving rise to ransomware and phishing attacks.
Cybersecurity in the health sector has been a priority for ENISA over the years and especially since the outbreak of the Covid-19 pandemic. ENISA has engaged in a substantial range of activities to support the health sector, including the publication of good practices for essential entities in the sector, raising awareness and building cybersecurity capabilities, as well as providing assistance to the Member States for the implementation of NIS provisions.
As such, a dedicated NIS Cooperation Group Workstream on Health was established to provide guidance to the Member States and to monitor the implementation of the NIS provisions. ENISA actively contributes to the workstream’s activities and deliverables. ENISA also engages with the industry, by contributing to the activities of the EU Health ISAC. Moreover, in order to bring the health community together, ENISA organises the annual cybersecurity conference, inviting experts to share their insights on legislative developments and the evolving threat landscape.
In 2023, ENISA released a threat landscape report for health, covering publicly reported cyber incidents from January 2021 to March 2023. According to the analysis, top threats to the health sector include ransomware (54% of attacks), followed by Denial of Service (DDoS) attacks. In 53% of the analysed incidents, healthcare providers, and in particular hospitals, were the most affected. Of the health-related incidents analysed for the ENISA Threat Landscape in 2024, 45% were related to ransomware attacks and 28% were data breaches. Also, according to the significant NIS incidents reported by Member States through ENISA’s Cybersecurity Incident Reporting and Analysis System (CIRAS), health has been the most affected sector for four years in a row (2020-2023).
The recent regulatory advancements, including the transposition of NIS2 and the upcoming European Health Data Space (EHDS), have brought cybersecurity in the health sector and the challenges of health data sharing into sharper focus. In line with the commitment set out by President Von der Leyen's political guidelines for the new Commission’s mandate for 2024-2029, the EU Action Plan for the cybersecurity of hospitals and healthcare providers was proposed in January 2025. In particular, the Action Plan proposes that ENISA establish a pan-European Cybersecurity Support Centre for hospitals and healthcare providers, designed to provide them with tailored guidance, tools, services and training. Among others, the proposed tasks include the development of guidance for cybersecurity good practices and procurement, the development of a regulatory mapping tool, the establishment of EU capabilities for detecting cyber threats against the health sector, the introduction of an early warning service for the sector, and the development of cyber incident response playbooks.
Given how critical healthcare services are for society, it is important to analyse how secure systems and infrastructures are in order to provide efficient and reliable healthcare services. ENISA will further support the continuous process of strengthening the cybersecurity maturity of the EU's Health Sector. ENISA welcomes the initiative and remains committed to collaborating with the European Commission, the Member States, healthcare providers and the cybersecurity community to strengthen the sector’s digital infrastructure and ensure its resilience to cyber threats.
The EU Health ISAC
The European Health Information Sharing & Analyses Center (EH-ISAC) is a collective of European healthcare organisations, national and sectoral CSIRTs and ENISA, focusing on improving cybersecurity and resilience within the health sector across the European Union.
When working in a highly targeted sector, it is key to stay up to date with essential information to protect the safety and security of patients and clients. Sharing IOCs, vulnerabilities and best practices is vital for preventing incidents and building defences against threats.
The EH-ISAC’s board consists of 5 members, all of them working at participating entities. Currently there are 32 members, coming from 12 countries and 20 organizations, forming the solid base of the EH-ISAC. Contribution both at board level and at the members’ level is voluntary. The board meets on a regular basis, at least once a month, and the ISAC meets twice a year; one of these meetings is held in close cooperation with the international Health-ISAC (H-ISAC).
Mission and Objectives
- Access to a trusted community of cyber professionals familiar with health care.
- The opportunity to join the Health Detection Network (HDN), a MISP-based network in which we share IOCs amongst members and partners.
- Access to information, presentations, documents, reports and guidelines, and working together on best practices.
- Access to the European summits of partner H-ISAC and a closer connection with the community in the industry.
Membership
Excited to become part of the EH-ISAC? Please reach out to [email protected]
For the time being, joining is at no cost. Your commitment and contribution to the ISAC’s goals, projects and initiatives are required, as well as participation in at least one of the two annual physical meetings.