EU Report Calls for More Health-Specific Incident Response

ENISA: As Cyberattacks on Health Sector Grow, Expertise Is Needed

Below are some snippets from Health-ISAC Chief Security Officer, Errol Weiss. Access the full article here:

https://www.healthcareinfosecurity.com/eu-report-calls-for-more-health-specific-incident-response-a-17923

Cyberattacks on the European Union’s healthcare sector grew by nearly 50% in 2020, over 2019, and continue to pose serious threats to patient safety, as well as to the entire health supply chain, says a new European Union Agency for Cybersecurity report assessing computer security incident response among EU members.

To help address those challenges, the ENISA report, among several recommendations, calls for the development of more dedicated, healthcare-sector specific computer security incident response teams, or CSIRTs, in the EU.

Common Struggles

Some experts say the cybersecurity and incident response-related challenges facing healthcare sector entities in the EU are not much different from what healthcare sector entities in the U.S. and elsewhere globally are facing.

“Cyberattacks respect no borders,” says Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center in the U.S.

“Our European counterparts are struggling with the same issues we’re dealing with in the U.S. – complex information security issues, lack of experienced resources and insufficient investments in cybersecurity technology and talent,” he says.

The Health-ISAC is working closely with European CERTs and specific country-level Health CERTs to promote information sharing and collaboration globally to help all its members be more resilient against cyberthreats, Weiss says.

In October, Health-ISAC held its second annual European Summit in the Netherlands, he notes.

Weiss says, “Thankfully, we continue to see high energy and willingness to share and collaborate amongst healthcare sector organizations,” including discussions about current trends in healthcare security, third-party risk, ransomware and innovative ways to maintain resilience.

“The good news is, across the health sector globally, we see that the National Institute of Standards and Technology has had fairly reasonable success driving adoption of the NIST Cybersecurity Framework outside the U.S.,” he says.

• Related Resources & News
• Cyber Threats Know No Borders
• Health-ISAC Hacking Healthcare 1-10-2025
• Google’s rural healthcare cybersecurity initiative
• Gen Z is stealing your health data—and the consequences may be worse than you think
• Left to Our Own Devices Podcast #71: Errol Weiss
• 2025 Newsletter – January
• The Year Ahead: What Can We Expect Within the Cybersecurity Landscape?
• HHS Urges Health Sector to Beef Up OT, IoMT Security
• Defending Healthcare Facilities Against Ransomware Attacks
• Health-ISAC Hacking Healthcare 12-16-2024