Health-ISAC Hacking Healthcare 5-7-2025

This week, Health-ISAC®’s Hacking Healthcare® examines a new healthcare cybersecurity advisory board being established by the European Commission as part of their European Action Plan on the Cybersecurity of Hospitals and Healthcare Providers. Join us as we break down why this new advisory board exists, what it intends to do, and how qualifying individuals and Health-ISAC members can apply to join.
As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal).
Welcome back to Hacking Healthcare®.
Health-ISAC Americas Hobby Exercise 2025
Before we jump into today’s article, we are rapidly approaching the sixth annual Americas Hobby Exercise, and we encourage Health-ISAC members to consider registering their interest to attend. The exercise is an all-day workshop and tabletop exercise with Health-ISAC members and United States Government (USG) agencies. Its goal is to inform the sector and government about the issues faced by the health sector and how Health-ISAC and its members address concerns, and to build enduring relationships within and across the health sector and government that help to strengthen understanding, response, and recovery plans and activities.
This year’s Hobby Exercise will be held on June 26 in Washington, D.C. Registration and additional information can be found here: https://portal.h-isac.org/s/community-event?id=a1YVn000002g8HlMAI
Additionally, for those seeking to better understand what the exercise looks like and has accomplished, we direct you to review previous Hobby Exercise After Action Reports:
America’s Hobby Exercise 2024: https://health-isac.org/hobby-exercise-2024-after-action-report/
America’s Hobby Exercise 2023: https://health-isac.org/hobby-exercise-2023-after-action-report/
European Commission Health Cybersecurity Advisory Board Open to Applicants
The European Commission continues to make strides towards implementing their European Action Plan on the Cybersecurity of Hospitals and Healthcare Providers (Action Plan) with the opening of applications for the newly created Health Cybersecurity Advisory Board. Let’s dig into what members can expect from this board, when it is likely to take shape, and how to apply for membership.
What is the Action Plan?
Hacking Healthcare has covered the Action Plan before, and we encourage members to review our prior articles for a more comprehensive review as well as the official European Commission communication on the matter.[i],[ii] However, at a high level, the initiative aims to improve the security and resiliency of EU hospitals and healthcare providers through a variety of work streams tailored to the capabilities and authorities of European Union institutions, EU member states, and the private sector.
Why a Health Cybersecurity Advisory Board?
Among the proposals laid out by the European Commission was the development of “a dedicated European Cybersecurity Support Centre for hospitals and healthcare providers…to safeguard and support the EU’s critical infrastructure.”[iii] This Support Centre would be established within the European Union Agency for Cybersecurity (ENISA), and it would provide a range of support services and tools.
In order to further assist the Support Centre’s goals, the Action Plan envisioned setting up a joint ENISA and European Commission-led Health Cybersecurity Advisory Board to facilitate public-private cooperation. In their own words, the board involves “high-level representatives of both fields, healthcare and cybersecurity, who can advise the Commission and the Support Centre on impactful actions and discuss the further development of public-private partnerships in this field. The board will build on existing efforts for public-private partnerships, including the European Health ISAC.”[iv]
Health Cybersecurity Advisory Board Details
According to the 34-page application document that was released towards the end of April, here is what we can expect from the Health Cybersecurity Advisory Board:
- The board is set up as a European Commission expert group to be chaired by DG CONNECT, with members serving two-year terms.
- The specific tasks include:
  - Assisting DG CONNECT in the preparation of policy initiatives in the field of cybersecurity of healthcare;
  - Providing DG CONNECT with comments on relevant draft deliverables prepared under the Action Plan;
  - Identifying best practices on cybersecurity, to be shared among hospitals and healthcare providers;
  - Supporting the dissemination of information to hospitals and healthcare providers;
  - Providing advice to ENISA regarding the activities of the Support Centre;
  - Providing data, insights, and evidence to the Commission and ENISA as a part of monitoring the Action Plan;
  - Facilitating exchanges between cybersecurity professionals, producers of products used in the ICT supply chains of hospitals and healthcare providers, and healthcare professionals;
  - Under the steer and coordination of DG CONNECT, exchanging with the European Health CISOs Network, the European Health ISAC, and other relevant groups such as the eHealth Network and the eHealth Stakeholder Group on matters of interest, such as the assessment of the cybersecurity role profiles needed by hospitals and healthcare providers.
- The board will be composed of 15 members that fall within three categories:
  - Individuals acting in a personal capacity with relevant expertise in healthcare cybersecurity.
  - Organizations, including companies and associations, that are active in either healthcare or cybersecurity.
  - Members appointed to represent a common interest.
- Recommendations, opinions, and reports are to be formed by consensus as much as possible.
The Call for Applicants
There is currently an open call for applications to join the Health Cybersecurity Board that will run until May 23.[v] Comprehensive information can be found within the 34-page Call for Applicants document, including criteria for the applicants, the application process, and the selection process.[vi]
Action & Analysis
**Available with Health-ISAC Membership**
[i] https://health-isac.org/health-isac-hacking-healthcare-1-24-2025/
[ii] https://digital-strategy.ec.europa.eu/en/library/european-action-plan-cybersecurity-hospitals-and-healthcare-providers
[iii] https://digital-strategy.ec.europa.eu/en/library/european-action-plan-cybersecurity-hospitals-and-healthcare-providers
[iv] https://digital-strategy.ec.europa.eu/en/library/european-action-plan-cybersecurity-hospitals-and-healthcare-providers
[v] https://digital-strategy.ec.europa.eu/en/news/commission-launches-call-selection-members-newly-launched-health-cybersecurity-advisory-board
[vi] https://digital-strategy.ec.europa.eu/en/news/commission-launches-call-selection-members-newly-launched-health-cybersecurity-advisory-board
[vii] https://digital-strategy.ec.europa.eu/en/news/commission-launches-call-selection-members-newly-launched-health-cybersecurity-advisory-board
[viii] https://digital-strategy.ec.europa.eu/en/news/commission-launches-call-selection-members-newly-launched-health-cybersecurity-advisory-board
[ix] https://digital-strategy.ec.europa.eu/en/news/commission-launches-call-selection-members-newly-launched-health-cybersecurity-advisory-board
[x] https://digital-strategy.ec.europa.eu/en/news/commission-launches-call-selection-members-newly-launched-health-cybersecurity-advisory-board