From ransomware to statecraft: Protecting EU healthcare in the new threat landscape
Recent cyberattacks against the EU’s health infrastructure form part of broader hybrid warfare efforts to intimidate, destabilise and test Europe’s resolve, chiefly led by Russia. As digital health and artificial intelligence (AI) reshape healthcare across the EU, the cyberattack surface expands, raising the stakes of ensuring health systems’ adequate defence. Disinformation further acts as a force multiplier: when hospitals are targeted, false claims about patient data breaches or compromised medical records can amplify public anxiety, erode trust in healthcare institutions and compound the effects of low health literacy. Together, these factors add to the pressures hospitals face and underscore the urgent need to bolster Europe’s societal preparedness, particularly in the health sector.
Since 2023, pro-Russia hacker groups – such as Killnet and Anonymous Sudan – have launched a series of coordinated Distributed Denial-of-Service (DDoS) attacks on hospitals and health authorities in Denmark, the Netherlands, Spain and Sweden. Ransomware attacks across Europe are particularly damaging, accounting for 71% cyberattacks that disrupt patient care,6 such as delaying treatment or diagnosis. In 2024 alone, at least 289 cybersecurity incidents affected EU healthcare providers – more than in any other essential sector.
The cost of inaction is staggering. Major security incidents running an average of ¤300,000 each, meaning the cumulative financial burden on EU health system may run into the billions. The consequences extend beyond budgets: compromised patient data, care disruptions, treatment delays – or worse, even death.
Against this backdrop, the European Commission’s January 2025 Action Plan on the Cybersecurity of Hospitals and Healthcare Providers represents a pivotal opportunity to strengthen the EU healthcare sector’s cyber resilience. Building upon the existing legislative framework, the Plan charts a path to protect EU health systems and ensure citizens’ safety, aligning with the goals of the EU Internal Security Strategy12 and echoing the Health Emergency Preparedness and Response (HERA)’s cross-border threat management mandate. Ahead of the Commission’s recommendations to refine the Action Plan, expected by the end of 2025, this Brief examines three essential enablers to achieving robust healthcare cybersecurity across the EU amidst evolving threats. These include using AI for real-time detection and response to cyber threats, enhancing cooperation between member states to tackle cross-border vulnerabilities and fostering best-practice exchange and workforce preparedness.
Read the full Policy Brief here.
Samuel Goodger is Policy Analyst in the Social Europe and Wellbeing Programme.
Elizabeth Kuiper is Associate Director and Head of the Social Europe and Wellbeing Programme.
This Policy Brief is part of the EPC’s Coalition on Health, Ethics and Society project, financially supported by Johnson and Johnson. The support the European Policy Centre receives for its ongoing operations, or specifically for its publications, does not constitute an endorsement of their contents, which reflect the views of the author only. Supporters and partners cannot be held responsible for any use that may be made of the information contained therein.
