Health-ISAC Hacking Healthcare 6-19-2025

Welcome back to Hacking Healthcare^®.

Monthly Threat Brief

First, as a reminder, next Tuesday and Wednesday are the Health-ISAC’s monthly threat briefing. Come join your fellow Health-ISAC members as Health-ISAC staff and partner organizations provide an overview of the threat landscape. Presentations include an assessment of emerging malware, APT trends, legal and regulatory issues, physical security concerns, and more. We encourage all Health-ISAC members to take advantage of this service.

E.U. Earmarks Additional Funds to Improve EU Cybersecurity—Healthcare Included

The European Union has been very active over the past few years in introducing new or revising existing regulations and directives, developing new initiatives, and dedicating funding with the intent of improving the security and resiliency of the European cybersecurity ecosystem. Last week, the European Commission announced another step to bolster these efforts with two calls for proposals totaling €145.5 million “to boost European cybersecurity, including for hospitals and healthcare providers.”^[i] Let’s dig into this new development to assess what it may mean for health sector entities in the EU and how it ties into ongoing efforts like the action plan on cybersecurity in hospitals and healthcare.^[ii]

What Are the Proposals?

The first proposal is under the Digital Europe Programme (DEP). Established in 2021, the DEP is a “funding programme focused on bringing digital technology to businesses, citizens and public administrations” whose budget runs into the billions.^[iii] From this program, €30 million will be made available to “enhance the cybersecurity of hospitals and healthcare providers, helping them detect, monitor, and respond to cyber threats, particularly ransomware.”^[iv]

The second proposal is under the Horizon Europe Programme. This funding program “strengthens the impact of research and innovation in developing, supporting and implementing EU policies while tackling global challenges,” and “supports creating and better dispersing of excellent knowledge and technologies.”^[v] Funding for the years 2021–2027 amounted to €93.5 billion, of which €90.5 million is being made available for this opportunity to “support the use and development of generative AI for cybersecurity applications, new advanced tools and processes for operational cybersecurity, and privacy-enhancing technologies as well as post-quantum cryptography.”^[vi]

How Will This Support the Health Sector Specifically?

The EU Funding and Tenders Portal webpage for the first proposal provides greater detail on what it is hoped this funding opportunity will create.^[vii] 

Titled Dedicated Action to Reinforcing Hospitals and Healthcare Providers, this funding opportunity is specifically seeking to achieve the following outcomes:^[viii]

• Mapping of common cybersecurity needs of hospitals and healthcare providers.
• Guidelines for healthcare providers to assess their current state of cybersecurity protection and relevant needs.
• Technical cybersecurity plans to enhance preparedness and cyber resilience: improved detection and response capabilities for healthcare institutions minimising the impact of cyberattacks, particularly for ransomware. This also includes dedicated training courses to staff.
• Pilot cybersecurity demo installations at partner hospitals and healthcare provider sites to ensure hospitals and healthcare providers can maintain operational continuity in the face of cybersecurity incidents. This should be monitored through specific KPIs.
• Wide dissemination campaigns to help scale up preparedness of hospitals and healthcare providers in Europe.

According to the proposal, all of these objectives will generally “contribute to the EU action plan on cybersecurity in hospitals and healthcare,” and the various pilot projects that are envisioned making up this proposal are expected to also support healthcare institutions complying with the NIS 2 Directive.

Complete details of this proposal, including the criteria for submissions, due dates, and key performance indicators, can be found in the 43-page full proposal from the European Cybersecurity Competence Centre (ECCC).^[ix]

Action & Analysis 
**Available with Health-ISAC Membership**

^[i] https://digital-strategy.ec.europa.eu/en/news/eu-allocates-eu1455-million-boost-european-cybersecurity-including-hospitals-and-healthcare

^[ii] https://digital-strategy.ec.europa.eu/en/factpages/cybersecurity-hospitals-and-healthcare-providers

^[iii] https://digital-strategy.ec.europa.eu/en/activities/digital-programme

^[iv] https://digital-strategy.ec.europa.eu/en/news/eu-allocates-eu1455-million-boost-european-cybersecurity-including-hospitals-and-healthcare

^[v] https://research-and-innovation.ec.europa.eu/funding/funding-opportunities/funding-programmes-and-open-calls/horizon-europe_en

^[vi] https://digital-strategy.ec.europa.eu/en/news/eu-allocates-eu1455-million-boost-european-cybersecurity-including-hospitals-and-healthcare

^[vii] https://ec.europa.eu/info/funding-tenders/opportunities/portal/screen/opportunities/topic-details/DIGITAL-ECCC-2025-DEPLOY-CYBER-08-CYBERHEALTH?isExactMatch=true&status=31094501,31094502,31094503&programmePeriod=2021%20-%202027&frameworkProgramme=43152860&callIdentifier=DIGITAL-ECCC-2025-DEPLOY-CYBER-08&order=DESC&pageNumber=1&pageSize=50&sortBy=startDate

^[viii] https://ec.europa.eu/info/funding-tenders/opportunities/portal/screen/opportunities/topic-details/DIGITAL-ECCC-2025-DEPLOY-CYBER-08-CYBERHEALTH?isExactMatch=true&status=31094501,31094502,31094503&programmePeriod=2021%20-%202027&frameworkProgramme=43152860&callIdentifier=DIGITAL-ECCC-2025-DEPLOY-CYBER-08&order=DESC&pageNumber=1&pageSize=50&sortBy=startDate

^[ix] https://cybersecurity-centre.europa.eu/document/download/da2e1929-9320-4ae7-97e6-4c3e2ae7de3f_en?filename=DIGITAL-ECCC-2024-DEPLOY-CYBER-08.pdf

^[x] https://digital-strategy.ec.europa.eu/en/library/european-action-plan-cybersecurity-hospitals-and-healthcare-providers

^[xi] https://digital-strategy.ec.europa.eu/en/factpages/cybersecurity-hospitals-and-healthcare-providers