Europe's Hospital IT Leaders in Germany, France, and Italy Warn: EHDS Push Outpaces Cyber Defenses
As EHDS interconnects EU systems, hospitals call for patch SLAs, SBOM/VEX transparency, and baseline API hardening to curb breach risk.

BRUSSELS, August 26, 2025 (Newswire.com) - Cybersecurity has overtaken other digital priorities as the most acute operational risk to European hospitals, according to a new Black Book™ European survey of 352 hospital IT leaders in Germany (158), France (84), and Italy (110). Respondents describe a widening attack surface driven by ransomware pressure, middleware/API weaknesses, and deferred EHR patching, just as the European Health Data Space (EHDS) enters its transition phase toward application and NIS2 obligations bite through national laws.
Key findings from the Black Book survey
74% of hospitals reported at least one serious cyberattack attempt in the past 12 months; the most common entry points were compromised credentials and attacks on APIs used for data exchange (FHIR/HL7).
83% identify interoperability vendors and middleware systems as their most exploitable layer, citing weak API credential management, inconsistent mutual-TLS (mTLS), and infrequent key/token rotation.
60% acknowledge deferred EHR patching; in open-ended responses, executives most often referenced their own deployed EHR environments.
69% of French and Italian CIOs say their posture is constrained by vendor patch responsiveness and complex upgrade dependencies across EHR, PACS, LIMS, and scheduling systems.
62% report no ring-fenced incident-response budget or in-house Security Operations Center (SOC) capacity.
89% believe EHDS connectivity will expand breach exposure before essential controls (strong identity, network segmentation, EDR/XDR, tested immutable backups) are widely implemented.
"Identity and the APIs between core systems are the weak links," said Doug Brown, Founder & President of Black Book Research. "Hospitals are working through backlogs of unresolved vulnerabilities while uncontrolled digital keys and dependency-bound patch cycles enlarge the attack surface. Without enforceable timelines for critical fixes, transparent disclosure, and clear software inventories, hospitals are fighting fast-moving threats with processes that can't keep pace."
The EHDS Regulation (EU) 2025/327 entered into force on March 26, 2025, initiating phased application and expanding cross-border data use on top of MyHealth@EU services like ePrescription and Patient Summaries.
Real-world incidents: a pattern of escalation
Multi-country (Germany/Austria/Switzerland) - AMEOS Group disclosed a security breach disrupting operations across multiple countries in late July 2025.
Germany - University Hospital Frankfurt suffered a major cyberattack reported in July 2025, severing internet access and triggering an infrastructure rebuild. Germany recorded 324 health-sector incidents in 2023, the most of any critical sector.
United Kingdom - Ransomware on Synnovis pathology services forced London trusts to cancel procedures and revert to manual workarounds; NHS and press statements documented extensive disruption.
Germany - UKSH (Lübeck & Kiel) canceled elective surgeries amid the global CrowdStrike IT outage (not a cyberattack), underscoring third-party resilience risk.
Belgium - CHU UCL Namur experienced a major IT outage that curtailed non-urgent admissions across three sites.
France - Hôpital Simone-Veil (Cannes) faced a 2024 LockBit ransomware incident; non-urgent care was postponed and stolen data later published.
Ireland - Mater Misericordiae University Hospital (Dublin) reported EHR/IT 2024 outages leading to cancellations and ED advisories.
EU-wide context: In January 2025, the European Commission launched an Action Plan to bolster hospital cybersecurity, standing up an ENISA Support Centre, an EU-wide early-warning service by 2026, and rapid-response capacity via the EU Cybersecurity Reserve.
Vendor ecosystem: foundational but fragile
Across the survey base, respondents report heavy reliance on a small set of dominant clinical platforms spanning EHR, interoperability, and imaging. While no single brand was singled out as uniquely responsible, hospitals emphasized shared risk characteristics across large platforms:
Patch cadence and latency governed by maintenance windows and change-freeze cycles.
Clarity and timing of vulnerability advisories, often cited as insufficient to guide rapid action.
Complex upgrade dependencies across EHR, PACS, LIMS, and scheduling that slow remediation.
Cybersecurity providers most often recognized by respondents for highest satisfaction in healthcare-specific capabilities included Thales Group, Atos Eviden, Orange Cyberdefense, Secunet, Sopra Steria, and Almaviva/Ingegneria Informatica, alongside global platforms such as Cisco, Palo Alto Networks, Check Point, and Fortinet. In this survey, 88% indicated a preference for EU-based providers due to GDPR alignment and data sovereignty.
What hospital leaders want from EHR & HIT vendors (respondent priorities)
Patch SLAs tied to severity (e.g., critical fixes within defined hours/days) - 94%.
SBOM + VEX transparency to separate exploitable defects from background CVEs - 88%.
Coordinated Vulnerability Disclosure (CVD) with time-boxed remediation and clear advisories - 80%.
API security baselines (OAuth scope minimization, mTLS, scoped tokens, frequent rotation/revocation, signed requests, automated secret hygiene) - 66%.
Real-time advisories & flexible maintenance windows to reduce clinical downtime - 92%.
Third-party/middleware risk controls such as API-gateway monitoring, token management, and supplier assurance - 99%.
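To make two of these priorities concrete (SBOM + VEX transparency to separate exploitable defects from background CVEs, and patch SLAs tied to severity), here is a worked triage script. It is an added example written for this page, not code from Black Book Research or from any EHR or security vendor named above. The SBOM fragment, CVE identifiers, VEX statements and SLA hours are all constructed placeholders; the VEX status values (affected, not_affected, fixed, under_investigation) follow the OpenVEX vocabulary, but the simplified dictionary layout is this example's own.

```python
"""Added example (not from the Black Book release or any vendor): VEX-aware
vulnerability triage with severity-based patch SLAs.

The script joins a constructed SBOM component inventory with constructed
scanner findings and constructed supplier VEX statements, drops CVEs the
supplier has declared non-exploitable in this product, and assigns every
remaining finding a remediation deadline from a severity-based SLA table.
All component names, CVE ids, dates and SLA hours are placeholders.
"""
from datetime import datetime, timedelta, timezone

# Placeholder SLA policy: hours allowed to remediate, keyed by severity.
SLA_HOURS = {"critical": 72, "high": 7 * 24, "medium": 30 * 24, "low": 90 * 24}

# VEX statuses that mean no remediation action is owed for this product version.
NON_ACTIONABLE = {"not_affected", "fixed"}

# Fixed reference time so the example is reproducible (constructed).
NOW = datetime(2025, 8, 26, 12, 0, tzinfo=timezone.utc)

# Constructed SBOM fragment: component -> deployed version.
SBOM = {"fhir-gateway": "2.4.1", "hl7-parser": "1.9.0", "openssl": "3.0.8"}

# Constructed scanner findings: (component, CVE id, severity).
# CVE ids are placeholders, not real advisories.
FINDINGS = [
    ("fhir-gateway", "CVE-0000-0001", "critical"),
    ("hl7-parser", "CVE-0000-0002", "high"),
    ("openssl", "CVE-0000-0003", "high"),
    ("openssl", "CVE-0000-0004", "medium"),
    ("legacy-lib", "CVE-0000-0005", "high"),  # not in the SBOM inventory
]

# Constructed supplier VEX statements keyed by (component, CVE id).
VEX = {
    ("fhir-gateway", "CVE-0000-0001"): {"status": "affected"},
    ("hl7-parser", "CVE-0000-0002"): {
        "status": "not_affected",
        "justification": "vulnerable_code_not_in_execute_path",
    },
    ("openssl", "CVE-0000-0003"): {"status": "under_investigation"},
    # CVE-0000-0004 has no statement: treated as affected by default.
}


def triage(findings, vex, sbom, now):
    """Return (queue, unresolved): actionable findings with SLA deadlines,
    and findings that cannot be triaged against the inventory or policy."""
    queue, unresolved = [], []
    for component, cve_id, severity in findings:
        if component not in sbom:
            # A finding for software not in the SBOM means the inventory is
            # incomplete; surface it rather than silently dropping it.
            unresolved.append({"component": component, "cve": cve_id,
                               "reason": "component not in SBOM inventory"})
            continue
        statement = vex.get((component, cve_id))
        # Absence of a VEX statement is not evidence of safety: default to affected.
        status = statement["status"] if statement else "affected"
        if status in NON_ACTIONABLE:
            continue
        hours = SLA_HOURS.get(severity.lower())
        if hours is None:
            unresolved.append({"component": component, "cve": cve_id,
                               "reason": f"no SLA defined for severity '{severity}'"})
            continue
        queue.append({
            "component": component,
            "version": sbom[component],
            "cve": cve_id,
            "severity": severity,
            "vex_status": status,
            "deadline": now + timedelta(hours=hours),
        })
    queue.sort(key=lambda item: item["deadline"])
    return queue, unresolved


def overdue(queue, now):
    """Items whose SLA deadline has already passed at time `now`."""
    return [item for item in queue if item["deadline"] < now]


def run_example():
    """Run triage over the constructed data above."""
    return triage(FINDINGS, VEX, SBOM, NOW)


if __name__ == "__main__":
    queue, unresolved = run_example()
    for item in queue:
        print(f"{item['cve']} {item['component']} {item['version']} "
              f"{item['severity']} ({item['vex_status']}) due {item['deadline']:%Y-%m-%d %H:%M}")
    for item in unresolved:
        print(f"UNRESOLVED {item['cve']} {item['component']}: {item['reason']}")
```

With the constructed inputs, the critical finding on the FHIR gateway lands at the top of the queue with a 72-hour deadline, the HL7 parser CVE is dropped because the supplier's VEX statement marks it not_affected, the OpenSSL CVE still under investigation stays in the queue at the "high" SLA, and the finding on a library missing from the SBOM is reported as unresolved rather than discarded. Two design choices matter for the defender: a missing VEX statement defaults to "affected", and gaps in the inventory are made visible, since both silent assumptions would hide real exposure.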
The road ahead: aligning EHDS, NIS2 and product obligations
As EHDS scales cross-border exchange and MyHealth@EU services, hospitals and suppliers are also preparing for the Cyber Resilience Act (Regulation (EU) 2024/2847) lifecycle security requirements for "products with digital elements," with main obligations applying from December 11, 2027.
Practical next steps include SBOM-backed software inventories, continuous API posture management, and severity-based patch SLAs aligned to clinical risk.
About the study
The 2025 European Cybersecurity Healthcare User Survey reflects self-reported conditions from 352 qualified hospital IT leaders in Germany (158), France (84), and Italy (110). Fielded March-August 2025. All figures reflect respondent experiences and perceptions within their environments. Black Book did not independently validate vendor-specific claims; results are reported as provided by respondents. Where priorities include multiple selections, percentages may exceed 100%.
About Black Book Research
Black Book Research delivers independent, vendor-agnostic intelligence on healthcare technology, cybersecurity, payer operations, and digital health adoption. Since 2011, Black Book has collected nearly 3.5 million stakeholder viewpoints worldwide, including more than 220,000 responses from European healthcare IT users, to benchmark satisfaction, readiness, and risk. Surveys are conducted with validated respondents using standardized instruments and confidence thresholds appropriate to each study design.
Media Contact: research@blackbookmarketresearch or 1 800 863 7590. Download free healthcare IT industry EHR, Cybersecurity and Population Health global reports for 110 countries worldwide at https://www.blackbookmarketresearch.com
Source: Black Book Research