The security of health data is critical for us all, but particularly patients. Many challenges to healthcare data are already here today, including in relation to electronic health records (EHRs).
Cybersecurity was the core topic of one the break-out sessions at the European Digital Health Summit, held in at the Casa de América, Madrid, on 1-2 December 2025. It fitted well with the conference’s overall focus on digital health innovation across Europe and Latin America.
The three speakers in the breakout session were Evangelos Markatos of the University of Crete/FORTH, Greece; Arnault Barichella of the Jacques Delors Institute, France; and Bianca Pop of the European Patients’ Forum, Brussels. Eduvigis Ortiz of Eraneos, Spain, moderated the session.
Overall, cybersecurity was portrayed as a key means to protect patient safety. A major concluding message was: “We are all responsible [for cybersecurity] – everyone of us!”
Speakers on cybersecurity at the European Digital Health Summit (Source: European Digital Health Summit)
What was the background to the session
The latest European directive on cybersecurity known as the NIS2 directive – aims to improve cybersecurity throughout Europe and provides a framework to do this. This directive was adopted three years ago in December 2022. The conversation among the three speakers ranged over a variety of topics, often complemented by input from the moderator. Examples included good practice (first steps towards cybersecurity maturity models), useful governance models, and user (patient) empowerment. Topics ranged over threats like hostile cyberattacks; hacking; and provided useful insights into what can be priority solutions/responses; incentives to use e.g., with clinicians; and capacity-building, especially in terms of patient awareness of cybersecurity threats.
What is considered to be the weakest link
Cyber criminals will always go for the weakest link. Potential weakest links ranged over individual users; individuals’ devices; the varying capacities and competences of organisations (small and medium-sized enterprises were portrayed as sometimes being “like a house with open windows/open doors”); and the potential differences between data stored in various types of clouds (some of which may be secure and others not).
What were some of the key take-aways
Here are some useful quotes from speakers:
On the global context: “There’s a global cyberwar.” Arnault Barichella, Jacques Delors Institute
On incentivising clinicians to be cybersecure: “You need to sterilise [equipment and devices]” e.g., by using anti-viruses, Evangelos Markatos, University of Crete/FORTH.
As a general warning: “Be ‘street-smart’ on cyberspace.” Evangelos Markatos, University of Crete/FORTH.
As a wake-up call: “Do you know what the average price is of personal health data on the dark web?” Evangelos Markatos, University of Crete/FORTH.
On trust: “Trust is the foundation. Data is the proxy.” Bianca Pop, EPF.
On capacity building: “Empower, rather than overwhelm, patients.” Bianca Pop, EPF.
Towards the end of the session, audience members sought answers to questions about the potential for automatic digitalisation of EHRs; EHRs being uploaded into large language models; and what are the attitudes of authorities and people towards these new and ongoing moves.
How to learn more – interesting useful documentation and other webinars
Useful supporting information provided by speakers included references to funding; policy; and other initiatives, good practices, and reports:
- NextGenerationEU is a potentially useful source of funding for people interested in conducting projects on cybersecurity.
- European Action Plan on Cybersecurity is the January 2025 European Commission communication proposal an action plan on cybersecurity for healthcare providers and hospitals.
- Belgium’s CyberFundamentals Framework (CyFun) has produced a free report in English.
- Spain’s Cybersecurity Institute publishes materials available in English.
- Health-ISAC is a USA-based organisation for collaboration on resilience – including cybersecurity – in the healthcare sector, and has numerous published reports.
- Data saves lives is an ongoing initiative focused on patient safety run by the European Patients’ Forum. The initiative celebrated its five years of existence in 2024.
Last but not least, the XiA project held its first open learning session on 22 January 2026. Evangelos Markatos (University of Crete/FORTH) spoke again about the focus on cybersecurity, through the viewpoint of the xShare project. Two other speakers, Juano Carlos Perez Baun (Eviden/ATOS) and Kassem KALLAS (INSERM), offered plenty of additional insights on privacy-preserving data sharing and AI security in digital health.