The European Commission is investing €145.5 million to strengthen cybersecurity across the EU, with €30 million specifically allocated to protect hospitals and healthcare providers from cyber threats, particularly ransomware attacks, as part of a broader initiative to enhance the resilience of European digital infrastructure in an increasingly hostile cyber landscape.
The EU's action plan tackles the growing ransomware threat to healthcare with several targeted measures. The plan includes guidance to help providers avoid paying ransoms[1] and the development of ransomware decryption tools to support recovery from attacks while ensuring uninterrupted patient care[2]. By Q4 2025, the EU will identify key ransomware strains specifically targeting healthcare[3] and establish a ransomware recovery subscription service by 2026[3]. Additionally, Member States may be required to report ransom payments when reporting significant incidents under the NIS2 Directive, representing a significant regulatory change aimed at better understanding attack patterns and supporting investigations[1].
The initiative comes in response to alarming statistics, with 309 significant cybersecurity incidents affecting the EU healthcare sector in 2023—more than any other critical industry in the bloc[2]. As WHO Director-General Tedros Adhanom Ghebreyesus warned, ransomware attacks on hospitals "can be issues of life and death"[2]. To strengthen international cooperation against ransomware actors, the EU will work through the International Counter Ransomware Initiative and the G7 Cybersecurity Working Group between 2025 and 2026[3], creating a more coordinated global response to this critical threat.
The European Commission published a Recommendation on April 11, 2024, urging Member States to develop a coordinated approach for transitioning to Post-Quantum Cryptography (PQC).[1][2] This initiative addresses the emerging threat posed by quantum computers, which could potentially break current encryption methods that protect sensitive data across critical infrastructure, including healthcare systems. The recommendation calls for Member States to establish clear goals and timelines, culminating in a joint PQC Implementation Roadmap that should be available within two years of publication.[3][4]
The transition strategy emphasizes hybrid schemes that may combine PQC with existing cryptographic approaches or with Quantum Key Distribution to secure public administration systems and critical infrastructure.[1] Projects like QUBIP are already working to streamline this transition by creating replicable models for integrating post-quantum algorithms into protocols, networks, and systems currently in use.[5] This coordinated EU-wide approach aims to ensure interoperability between countries while protecting digital infrastructures against future quantum threats, complementing the broader cybersecurity initiatives targeting healthcare and other critical sectors.[3][6]
The EU Cybersecurity Reserve, established under the Cyber Solidarity Act that entered into force on February 4, 2025, serves as the operational backbone for responding to significant cybersecurity incidents across the EU[1][2]. With €36 million allocated for 2025-2027, this emergency response mechanism consists of trusted managed security service providers who meet strict security standards and can be rapidly deployed to assist Member States, EU institutions, and Digital Europe Programme-associated third countries during major cyber incidents[2][3]. The Reserve will play a crucial role in the European action plan on cybersecurity of hospitals and healthcare providers, offering rapid response services to the health sector when under attack[4][5].
The Reserve operates through a structured activation process that begins with incident detection by cybersecurity centers, followed by risk assessment from ENISA and national authorities to determine if EU-wide intervention is necessary[6]. When activated, these pre-qualified "cyber incident first responders" provide advanced detection tools, large-scale operational support, and coordinated cross-border response procedures[7][6]. Users of the Reserve include Member States' Computer Security Incident Response Teams and crisis management authorities, who are obligated to utilize these services when managing significant cyber incidents affecting entities regulated under NIS2[8]. This proactive approach combines both emergency response capabilities and preventative measures, strengthening Europe's collective cyber resilience in critical sectors.