Author Description

Is is the first ENISA threat landscape report which brings insights into cyber threats targeting the European health sector. The sector was selected due to its criticality and its importance to European citizens and their well-being. In the ENISA Threat Landscape 2022, around 7% of the observed incidents targeted health organisations. Moreover, 32% of the incidents with a significant impact reported under the Network and Information Security Directive in 2022 were incidents in the EU health sector. Additionally, during 12 consecutive years the healthcare industry had the highest average cost of a breach worldwide. In this report, we have analysed cyber incidents targeting the health sector from January 2021 to March 2023. This period is referred to as the 'reporting period' throughout the report. We collected publicly reported cyber incidents affecting various types of organisations related to health. These include: - healthcare providers, such as hospitals, primary care providers, sociosanitary care providers, dental care providers, emergency services, mental health institutions, etc., - EU reference laboratories, entities carrying out research and development activities for medicinal products and, more generally, organisations conducting health related research, - entities manufacturing basic pharmaceutical products and pharmaceutical preparations, and the pharmaceutical industry in general, - entities manufacturing medical devices and biotechnology manufacturers, - health authorities, bodies and agencies nationally and in the EU, - health insurance organisations, - residential treatment facilities and social services providers.