Within the EH-ISAC, healthcare organizations collaborate with sectoral Computer Emergency Response Teams (CERTs), national cybersecurity organizations, and ENISA, the European cybersecurity agency. They exchange information about current threats, vulnerabilities, and incidents they encounter.
European Health ISAC
Strengthening cybersecurity in healthcare through collaboration
The European Health Information Sharing and Analysis Center (EH-ISAC) is a non-profit platform established in 2023 to strengthen cybersecurity in the European healthcare sector.
Why is it important?
The healthcare sector is an increasingly attractive target for cyberattacks, such as ransomware and data breaches. At the same time, the impact and risks are significant because disruptions to healthcare processes can directly affect patients.
The EH-ISAC helps organizations reduce these risks by working together and sharing knowledge. What one organization experiences today could happen elsewhere tomorrow. By sharing information about attacks and vulnerabilities, European healthcare organizations can respond more quickly and better prevent new incidents.
How does it work?
Within the EH-ISAC, members work together in a secure, trusted environment, enabling them to share sensitive threat intelligence, vulnerabilities, and incident data without risk of exposure.
The collaboration focuses on:
- Sharing real-time threat intelligence and vulnerability alerts to stay ahead of emerging risks.
- Exchanging best practices and lessons learned from incidents, so no one has to reinvent the wheel.
- Improving detection and response capabilities to identify and mitigate threats faster.
- Developing joint tools, such as threat dashboards, detection networks, and healthcare-specific security solutions.
The result? Faster incident response, stronger defenses, and a more resilient healthcare sector, all while maintaining the confidentiality of shared information.
Collaboration in Europe
The EH-ISAC brings together dozens of organizations from various European countries. The initiative also works closely with European policy programs and regulations, such as the NIS2 Directive, the European Health Data Space (EHDS), and the European Commission. In the EU Action Plan for Health by the European Commission, support for the EH-ISAC is explicitly mentioned as one of the activities.
Thanks to the EH-ISAC, healthcare organizations no longer have to tackle cyber threats alone. By pooling knowledge and resources, the sector becomes more resilient, enabling faster responses to incidents and ensuring the continuity of care for patients across Europe.
The Role of Z-CERT
Currently, Z-CERT is driving the development of the EH-ISAC. The EH-ISAC is still in its early stages. A 2022 survey revealed a clear interest and need among (potential) members for mature collaboration and information sharing in the field of information security