This edition of Hacking Healthcare® what kinds of healthcare cybersecurity policies and initiatives we may see come out of the European Commission now that the elections have concluded, and the new political term is underway.
As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)
PDF Version:
TLP WHITE 8.12.2024 Hacking Healthcare®
Size : 149.8 kB Format : PDF
Text Version:
Welcome back to Hacking Healthcare®.
European Commission President Outlines Ambitious Healthcare and Cybersecurity Targets
On the day of her re-election to the position of President of the European Commission, Ursula von der Leyen provided an outline of her policy priorities to the members of the European Parliament. In a speech and accompanying position paper, she touched on a wide range of issues that the EU must grapple with from traditional geopolitics and the need for green energy to the promise held by embracing emerging technologies like AI. She also did not shy away from an ambitious agenda for healthcare and cybersecurity that is worth examining in greater depth.
While von der Leyen’s speech provided a glimpse of her priorities[i], her 31-page policy position paper, Europe’s Choice: Political Guidelines for the Next European Commission 2024–2029[ii], provided far more detail on what she might hope to achieve in the next five years.
100-day Healthcare Provider Cybersecurity Sprint
On the topic of a circular and resilient economy, von der Leyen’s position paper stresses the need to “do more to protect the security of our health systems, which are increasingly the target of cyber and ransomware attacks.”[iii] In order to “improve threat detection, preparedness and crisis response,” she proposed “a European action plan on the cybersecurity of hospitals and healthcare providers in the first 100 days of the mandate.”[iv]
Unlocking AI’s Potential for Healthcare
Unsurprisingly, von der Leyen’s position paper also touched on the need to harness the powerful potential of AI. After highlighting the work, the EU has done to invest in the technology and provide leadership in its safe usage, the paper notes the need to “develop with Member States, industry and civil society an Apply AI Strategy to boost new industrial uses of AI and to improve the delivery of a variety of public services, such as healthcare.”[v]
EU Preparedness, Cyber Defenses, and Deterrence
The position paper also took time to address EU-wide preparedness and cybersecurity at a high level, something that the healthcare sector would benefit from even if it is not sector-specific.
The position paper describes how Europe “needs new ambition on crisis and security preparedness” and how that will lead to a new Preparedness Union Strategy.[vi] It is envisioned that the strategy will in part “focus on further strengthening our cyber defence capabilities, coordinating national cyber efforts, and securing our critical infrastructures – notably by developing a trusted European cyber-defence industry”[vii]
In addition, von der Leyen’s position paper noted the need to strengthen the EU’s deterrence capabilities: “We must also work on integrated deterrence. With this in mind, we will strengthen our strategic approach to sanctions to ensure that we can react flexibly to new threats. This will look at how our sanctions framework against cyberattacks can be expanded and how a new sanctions regime against hybrid attacks on the EU and its Member States could work.”
Strengthening Europol
Von der Leyen also appeared bullish on strengthening Europol, a move that could have significant cybersecurity effects. Her position paper aggressively asserts a desire to “make Europol a truly operational police agency and more than double its staff over time.”[viii] Alongside the proposed staffing increases, von der Leyen proposes “a strengthened oversight and mandate” and an increased capacity “to support national law enforcement agencies.”
Action & Analysis
**Included with Health-ISAC Membership**
[i] https://ec.europa.eu/commission/presscorner/detail/ov/STATEMENT_24_3871
[ix] https://h-isac.org/health-isac-hacking-healthcare-8-2-2024/
[xiii] https://www.europol.europa.eu/about-europol
[xvi] https://www.europol.europa.eu/about-europol/european-cybercrime-centre-ec3
- Related Resources & News
- How Healthcare Facilities Can Prepare for All Types of Emergencies
- Health-ISAC Hacking Healthcare 10-24-2024
- UnHack (the Podcast): Generating Cyber Resilience Through Collaboration with Errol Weiss
- Newfangled and Fastest-Growing Phishing Cyberattacks: Updated Guide for Healthcare Leaders
- Health-ISAC Hacking Healthcare 10-15-2024
- Health-ISAC Welcomes Booz Allen Hamilton to the Ambassador Program
- Health-ISAC Hacking Healthcare 10-9-2024
- Monthly Newsletter – October 2024
- Health ISAC leads effort to transform SBOM information sharing under CISA-facilitated community work
- CyberEdBoard Insights: Phil Englert and Errol Weiss