By Marilena Panayi

Copyright philenews

European hospitals and healthcare systems have become the primary target of cyberattacks, accounting for 71% of all recorded cyber incidents across the continent, with Russia and China identified as the main sources of these attacks.

The European Union recorded 309 significant cybersecurity incidents in the healthcare sector during 2023 alone, representing more attacks than any other critical infrastructure sector.

Government officials revealed that whilst Russia and China remain the primary sources, hackers have also been traced to India, Pakistan and other countries.

“The health sector faces similar trends regarding cybersecurity threats, with a strong emphasis on ransomware attacks,” according to the European Commission’s action plan for strengthening hospital cybersecurity.

Ransomware accounts for 54% of healthcare cyber incidents

Ransomware represented 54% of cybersecurity incidents analysed in the healthcare sector between 2021-2023, according to the Commission’s data.

These attacks specifically target personal patient data theft, healthcare service disruption and financial exploitation through breaches of medical devices and data systems.

Financial motivation drove 83% of attacks due to the high value of healthcare data, whilst 10% were ideologically motivated.

A 2024 Commission report found that 71% of attacks impacting patient care, including delayed treatment, diagnosis, and restricted emergency service access, involved ransomware.

“Ransomware attacks can particularly disrupt healthcare service delivery, endangering patient safety,” the action plan states. “Additionally, ransomware attacks are often combined with patient data breaches, which frequently include sensitive health-related data and violate people’s fundamental right to personal data protection.”

European Commission develops action plan to strengthen hospital cybersecurity

The increasing digitalisation and connectivity of healthcare systems have expanded attack surfaces, making hospitals attractive targets for cybercriminals, government representatives explained to the parliamentary Health committee.

The European Commission’s action plan aims to strengthen healthcare system resilience and ensure patient personal data protection alongside uninterrupted healthcare service delivery.

The plan’s core pillars focus on prevention, detection, response and deterrence of cyberattacks.

Cyprus announces participation in EU cybersecurity initiative

Representatives from Cyprus’s Health Ministry, Research Innovation and Digital Policy Ministry, National eHealth Authority, Digital Security Authority and the European Commission’s Cyprus office participated in yesterday’s parliamentary session.

The meeting discussed Cyprus’s announcement to European institutions regarding the European Action Plan.

The announcement provides for strengthening prevention, detection, response and recovery from attacks; establishing a European Support Centre; creating an early warning system and enhancing cooperation between states, health providers and industry.