The European Commission has announced it will draft new legislation requiring healthcare providers to take stronger security measures and report breaches to the authorities.
In 2013, the commission released a proposal for a directive to ensure a high common level of network and information security in the European Union (EU). On 8 December, the European Parliament and the Luxembourg Presidency of the EU Council of Ministers reached an agreement on an effort that will improve cybersecurity capabilities in member states; improve member states' cooperation on cybersecurity; and require providers of essential services in the energy, transport, banking, and healthcare sectors -- as well as those of digital services like search engines and cloud computing -- to take appropriate security measures and report incidents to the national authorities.
The text of the legislation will have to be formally approved by the European Parliament and the EU Council of Ministers before being published in the EU official journal. Member states will have 21 months to put the directive into action, the European Commission said.