European Commission logo
JRC Data Catalogue
DATASETCompleted

Cyber incidents in healthcare settings in Europe from May 2022 to April 2023 with potential health impacts

QR code

This data set provides the list of cyber incidents in Europe with possible health impacts we identified using Europe Media Monitor (EMM) tool from the 1st of May 2022 to the 30th of April 2023. The data set also supplies the list of keywords we used to configure EMM.

The primary objective of this activity was to assess whether there is and the quantity of information on incidents a) with significant potential health impacts (e.g. delayed treatment) and b) to determine whether there were reports that indicated consequences on patients’ health (e.g. death, deterioration of health).

Our search was conducted for media publishing in English, German, Italian, French and Spanish. It therefore did not cover all languages spoken in the EU and the results may not be representative for the entire European Union.

Contributors

Vittorio Reina

How to cite

European Commission, Joint Research Centre (2026): Cyber incidents in healthcare settings in Europe from May 2022 to April 2023 with potential health impacts. [Dataset] doi: 10.2905/JRC.SSFWTXR PID: http://data.europa.eu/89h/7fb91c8b-f799-409d-97e3-a6790d172481

Keywords

cyber incidentcybersecurityhealthhealthcare settingshospital

Data access

List of cyber incidents in Europe and search keywords
Excel XLSX

XLSX is the default file format for Excel 2007 and later workbook used for Microsoft Excel spreadsheet which features calculation, graphing tools, pivot tables and a macro programming language. XLSX is in reality a ZIP compressed archive with a directory structure of XML text documents.
Downloadable file

A downloadable file for the dataset.

Use conditions
European Commission reuse notice

According to the European Commission reuse notice, reuse is authorised, provided the source is acknowledged. The reuse policy of the European Commission is implemented by the Decision of 12 December 2011. The general principle of reuse can be subject to conditions which may be specified in individual copyright notices. Therefore users are advised to refer to the copyright notices of the individual websites maintained under Europa and of the individual documents. Reuse is not applicable to documents subject to intellectual property rights of third parties.

Access conditions
No limitations

Anybody can directly and anonymously access the data, without being required to register or authenticate.

Publications

Publication
Cyber security in the health and medicine sector: a study on available evidence of patient health consequences resulting from cyber incidents in healthcare settings
REINA, V. and GRIESINGER, C., Cyber security in the health and medicine sector: a study on available evidence of patient health consequences resulting from cyber incidents in healthcare settings, Publications Office of the European Union, Luxembourg, 2024, doi:10.2760/693487 (online), JRC138692.
Publications Office of the European Union, Luxembourg, Luxembourg
DOI badgeISBN badgeISSN badge

  • The health and medicine sector are increasingly digitized, a trend that will accelerate with more widespread adoption of artificial intelligence, wearables and internet of things-based healthcare. Yet, this digital transformation carries notable cybersecurity threats. While there is ample evidence on cyberattacks to this sector, information on whether they cause health impacts is contradictory, in particular whether they have, subsequently, contributed to severe health outcomes.

    In order to explore this inconsistency, we used the Europe Media Monitor (EMM) to retrieve media content on cyber incidents in healthcare settings reported in several European languages over one year. We focused on cyber incidents with reported impact to patients’ health by using selected combinations of keywords and appropriate exclusion criteria. We retrieved 21 cyber incidents with potential health impacts such as postponed therapies, delayed surgeries. Notably, for none of the incidents adverse health effects (e.g. injury, deterioration of health, death) were reported.

    This study reveals cyber vulnerabilities in the EU healthcare sector and further highlights the challenge of characterising cyber incidents in regard to their health consequences. Hurdles are a lack of consistent evaluation and reporting criteria and a lack of frameworks for assessing causality. We alert that such tools need to be developed in order to prepare for the rising risk of cyber incidents in an increasingly digitised healthcare environment.

Temporal coverage

From date To date
2022-05-01 2023-04-30

Additional information

Published by
European Commission, Joint Research Centre
Contact email
vittorio.reina (at) ec.europa.eu
Update frequency
unknown

The event occurs with unknown regularity.

Data theme(s)
Health

dataset theme covering the domain of health which includes health conditions, diseases, treatments, healthcare services, and health policies

Geographical name(s)
Europe
Issued date
2024-01-01
Created date
20 Dec 2024 14:33
Modified date
08 Jan 2025 09:44
Dataset identifier
http://data.europa.eu/89h/7fb91c8b-f799-409d-97e3-a6790d172481
Other identifiers
Rate this page
Please vote (optional).
An unhandled error has occurred. Reload 🗙