Source URL: https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-global-threats-eu-healthcare/
Source: Cloud Blog
Title: Cloud CISO Perspectives: The global threats facing EU healthcare
Feedly Summary: Welcome to the second Cloud CISO Perspectives for June 2025. Today, Thiébaut Meyer and Bhavana Bhinder from Google Cloud’s Office of the CISO discuss our work to help defend European healthcare against cyberattacks.As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.
aside_block
The global threats facing European hospitals and health organizationsBy Thiébaut Meyer, director, Office of the CISO, and Bhavana Bhinder, European healthcare and life sciences lead, Office of the CISO
Thiébaut Meyer, director, Office of the CISO
As the global threat landscape continues to evolve, hospitals and healthcare organizations remain primary targets for cyber threat actors. To help healthcare organizations defend themselves so they can continue to provide critical, life-saving patient care — even while facing cyberattacks — the European Commission has initiated the European Health Security Action Plan to improve the cybersecurity of hospitals and healthcare providers.There are two imperative steps that would both support Europe’s plan and bolster resilience in our broader societal fabric: Prioritizing healthcare as a critical domain for cybersecurity investment, and emphasizing collaboration with the private sector. This approach, acknowledging the multifaceted nature of cyber threats and the interconnectedness of healthcare systems, is precisely what is required to secure public health in an increasingly digitized world. It’s great to see the European Commission has recently announced funding to improve cybersecurity, including for European healthcare entities.
Bhavana Bhinder, European healthcare and life sciences lead, Office of the CISO
At Google, we have cultivated extensive industry partnerships across the European Union to help healthcare organizations of all levels of digital sophistication and capability be more resilient in the face of cyberattacks.
Collaboration across healthcare organizations, regulators, information sharing bodies and technology providers like Google is essential to get and stay ahead of these attacks.
Cyberattacks targeting the healthcare domain, especially those that leverage ransomware, can take over healthcare systems – completely upending their operations and stopping them from providing life-saving medical procedures, coordinating critical scheduling and payment activities, stopping delivery of critical supplies like blood and tissue donations, and can even render the care facilities physically unsafe. In some cases, these cyberattacks have contributed to patient mortality. The statistics paint a grim picture:Ransomware attacks accounted for 54% of analyzed cybersecurity incidents in the EU health sector between 2021 and 2023, with 83% financially motivated.71% of ransomware attacks impacted patient care and were often coupled with patient data breaches, according to a 2024 European Commission report.Healthcare’s share of posts on data leak sites has doubled over the past three years, even as the number of data leak sites tracked by Google Threat Intelligence Group increased by nearly 50% in 2024. In one example, a malicious actor targeting European organizations said that they were willing to pay 2% to 5% more for hospitals — particularly ones with emergency services.In-hospital mortality shoots up 35% to 41% among patients already admitted to a hospital when a ransomware attack takes place.The U.K.’s National Health Service (NHS) has confirmed that a major cyberattack harmed 170 patients in 2024.“Achieving resilience necessitates a holistic and adaptive approach, encompassing proactive prevention that uses modern, secure-by-design technologies paired with robust detection and incident response, stringent supply chain management, comprehensive human factor mitigation, strategic utilization of artificial intelligence, and targeted investment in securing unique healthcare vulnerabilities,” said Google Cloud’s Taylor Lehmann, director, Healthcare and Life Sciences, Office of the CISO. “Collaboration across healthcare organizations, regulators, information sharing bodies and technology providers like Google is essential to get and stay ahead of these attacks.”Bold action is needed to combat this scourge, and that action should include helping healthcare providers migrate to modern technology that has been built securely by design and stays secure in use. We believe security must be embedded from the outset — not as an afterthought — and continuously thereafter. Google’s secure-by-design products and services have helped support hospitals and health organizations across Europe in addressing the pervasive risks posed by cyberattacks, including ransomware.Secure-by-design is a proactive approach that ensures core technologies like Google Cloud, Google Workspace, Chrome, and ChromeOS are built with inherent protections, such as:Encrypting Google Cloud customer data at rest by default and data in transit across its physical boundaries, offering multiple options for encryption key management and key access justification.Designing Google Workspace with security-first principles, incorporating AI defenses that block over 99.9% of spam, phishing, and malware, and client-side encryption.Building security and compliance into ChromeOS, which powers Chromebooks, to help protect against ransomware attacks. ChromeOS boasts a record of no reported ransomware attacks. Its architecture includes capabilities such as Verified Boot, sandboxing, blocked executables, and user space isolation, along with automatic, seamless updates that proactively patch vulnerabilities.Providing health systems with a secure alternative through Chrome Enterprise Browser and ChromeOS for accessing internet-based and internal IT resources crucial for patient care.Committing explicitly in our contracts to implementing and maintaining robust technical, organizational, and physical security measures, and supporting NIS2 compliance efforts for Google Cloud and Workspace customers.Our products and services are already helping modernize and secure European healthcare organizations, including:In Germany, healthcare startup Hypros has been collaborating with Google Cloud to help hospitals detect health incidents without compromising patient privacy. Hypros’ innovative patient monitoring system uses our AI and cloud computing capabilities to detect and alert staff to in-hospital patient emergencies, such as out-of-bed falls, delirium onset, and pressure ulcers. They’ve tested the technology in real-world trials at leading institutions including the University Hospital Schleswig-Holstein, one of the largest medical care centers in Europe.With the CUF, Portugal’s largest healthcare provider with 19 hospitals and clinics. CUF has embraced Google Chrome and cloud applications to enhance energy efficiency and streamline IT operations. ChromeOS is noted in the industry for its efficiency, enabling operations on machines that consume less energy and simplifying IT management by reducing the need for on-site hardware maintenance.For the Canary Islands 112 Emergency and Safety Coordination Center, which is migrating to Google Cloud. Led by the public company Gestión de Servicios para la Salud y Seguridad en Canary Islands (GCS) and developed in conjunction with Google Cloud, this migration is one of the first in which a public emergency services administration has moved to the public cloud. They’re also using Google Cloud’s sovereign cloud solutions to help securely share critical information, such as call recordings and personal data, with law enforcement and judicial bodies.Building partnerships and sharing informationInformation sharing is a vital component of securing the healthcare sector against evolving cyber threats. Google actively develops partnerships with information sharing and analysis centers (ISACs) across more than ten critical infrastructure sectors, including a robust ambassadorship with the Health Information Sharing and Analysis Center (Health-ISAC), and with the European Union Agency for Cybersecurity (ENISA).We believe that information sharing must extend beyond threat intelligence to encompass data-supported conclusions regarding effective practices, counter-measures, and successes. Reducing barriers to sophisticated and rapid intelligence-sharing, coupled with verifiable responses, can be the decisive factor between a successful defense and a vulnerable one.Our engagement with organizations including the international Health-ISAC and ENISA underscores our commitment to building trust across many communities, a concept highly pertinent to the EU’s objective of supporting the European Health ISAC and the U.S.-based Health-ISAC’s EU operations.Protecting European health data with Sovereign Cloud and Confidential ComputingWe’re committed to digital sovereignty for the EU and to helping healthcare organizations take advantage of the transformative potential of cloud and AI without compromising on security or patient privacy.We’ve embedded our secure-by-design principles in our approach to our digital sovereignty solutions. By enabling granular control over data location, processing, and access, European healthcare providers can confidently adopt scalable cloud infrastructure and deploy advanced AI solutions, secure in the knowledge that their sensitive patient data remains protected and compliant with European regulations like GDPR, the European Health Data Space (EHDS), and the Network and Information Systems Directive.Additionally, Confidential Computing, technology that we helped pioneer, has helped narrow that critical security gap by protecting data in use.Google Cloud customers such as AiGenomix leverage Confidential Computing to deliver infectious disease surveillance and early cancer detection. Confidential Computing helps them ensure privacy and security for genomic and related health data assets, and also align with the EHDS’s vision for data-driven improvements in healthcare delivery and outcomes.Building trust in global healthcare resilienceWe believe that these insights and capabilities offered by Google can significantly contribute to the successful implementation of the European Health Security Action Plan. We are committed to continued collaboration with the European Commission, EU member states, and all stakeholders to build a more secure and resilient digital future for healthcare.To learn more about Google’s efforts to secure and support healthcare organizations around the world, contact our Office of the CISO.
aside_block
<ListValue: [StructValue([(‘title’, ‘Join the Google Cloud CISO Community’), (‘body’, <wagtail.rich_text.RichText object at 0x3e4d7ea57af0>), (‘btn_text’, ‘Learn more’), (‘href’, ‘https://rsvp.withgoogle.com/events/ciso-community-interest?utm_source=cgc-blog&utm_medium=blog&utm_campaign=2024-cloud-ciso-newsletter-events-ref&utm_content=-&utm_term=-‘), (‘image’, <GAEImage: GCAT-replacement-logo-A>)])]>
In case you missed itHere are the latest updates, products, services, and resources from our security teams so far this month:Securing open-source credentials at scale: We’ve developed a powerful tool to scan open-source package and image files by default for leaked Google Cloud credentials. Here’s how to use it. Read more.Audit smarter: Introducing our Recommended AI Controls framework: How can we make AI audits more effective? We’ve developed an improved approach that’s scalable and evidence-based: the Recommended AI Controls framework. Read more.Google named a Strong Performer in The Forrester Wave for security analytics platforms: Google has been named a Strong Performer in The Forrester Wave™: Security Analytics Platforms, Q2 2025, in our first year of participation. Read more.Mitigating prompt injection attacks with a layered defense strategy: Our prompt injection security strategy is comprehensive, and strengthens the overall security framework for Gemini. We found that model training with adversarial data significantly enhanced our defenses against indirect prompt injection attacks in Gemini 2.5 models. Read more.Just say no: Build defense in depth with IAM Deny and Org Policies: IAM Deny and Org Policies provide a vital, scalable layer of security. Here’s how to use them to boost your IAM security. Read more.Please visit the Google Cloud blog for more security stories published this month.
aside_block
<ListValue: [StructValue([(‘title’, ‘Learn something new’), (‘body’, <wagtail.rich_text.RichText object at 0x3e4d7ea57a30>), (‘btn_text’, ‘Watch now’), (‘href’, ‘https://www.youtube.com/watch?v=t_roGtOtlDE’), (‘image’, <GAEImage: GCAT-replacement-logo-A>)])]>
Threat Intelligence newsWhat’s in an ASP? Creative phishing attack on prominent academics and critics of Russia: We detail two distinct threat actor campaigns based on research from Google Threat Intelligence Group (GTIG) and external partners, who observed a Russia state-sponsored cyber threat actor targeting prominent academics and critics of Russia and impersonating the U.S. Department of State. The threat actor often used extensive rapport building and tailored lures to convince the target to set up application specific passwords (ASPs). Read more.Remote Code Execution on Aviatrix Controller: A Mandiant Red Team case study simulated an “Initial Access Brokerage” approach and discovered two vulnerabilities on Aviatrix Controller, a software-defined networking utility that allows for the creation of links between different cloud vendors and regions. Read more.Please visit the Google Cloud blog for more threat intelligence stories published this month.
Now hear this: Podcasts from Google CloudAI red team surprises, strategies, and lessons: Daniel Fabian joins hosts Anton Chuvakin and Tim Peacock to talk about lessons learned from two years of AI red teaming at Google. Listen here.Practical detection-as-code in the enterprise: Is detection-as-code just another meme phrase? Google Cloud’s David French, staff adoption engineer, talks with Anton and Tim about how detection-as-code can help security teams. Listen here.Cyber-Savvy Boardroom: What Phil Venables hears on the street: Phil Venables, strategic security adviser for Google Cloud, joins Office of the CISO’s Alicja Cade and David Homovich to discuss what he’s hearing directly from boards and executives about the latest in cybersecurity, digital transformation, and beyond. Listen here.Beyond the Binary: Attributing North Korean cyber threats: Who names the world’s most notorious APTs? Google reverse engineer Greg Sinclair shares with host Josh Stroschein how he hunts down and names malware and threat actors, including Lazarus Group, the North Korean APT. Listen here.To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in a few weeks with more security-related updates from Google Cloud.
AI Summary and Description: Yes
**Summary:**
The text discusses the collaborative efforts led by Google Cloud’s Office of the CISO to enhance cybersecurity in European healthcare organizations, in light of rising cyber threats. Focused on the necessity for strong partnerships and secure cloud technologies, it emphasizes proactive security measures, including the adoption of secure-by-design principles and investments in critical sectors like healthcare.
**Detailed Description:**
The narrative emphasizes the increasing cyber threats facing the healthcare sector in Europe, particularly ransomware attacks, and outlines the strategic initiatives undertaken by Google Cloud to bolster healthcare cybersecurity. Key points include:
– **Threat Landscape:** The evolving global threat landscape makes healthcare organizations particularly susceptible to cyberattacks, necessitating robust cybersecurity measures.
– **European Health Security Action Plan:** Initiated by the European Commission, this plan aims to improve the cybersecurity posture of hospitals and healthcare providers through investment and public-private partnerships.
– **Investment and Collaboration:**
– Prioritizing healthcare as a critical domain for cybersecurity investment.
– Emphasizing collaboration with private sector entities and regulators is crucial for counteracting cyber threats.
– **Impact of Cyberattacks:** Statistics underline severe ramifications of attacks, including:
– Ransomware incidents constituted 54% of cybersecurity issues in the health sector from 2021 to 2023.
– A significant percentage of ransomware incidents (71%) impacted patient care and involved data breaches.
– Increased in-hospital mortality rates during ransomware events, emphasizing the dire consequences of cyber intrusions on patient safety.
– **Secure-by-Design Principles:** Google has developed its technologies with security embedded from the outset, which includes:
– Default data encryption for Google Cloud.
– AI defenses in Google Workspace that block 99.9% of spam and malware.
– ChromeOS architecture designed to prevent ransomware attacks, along with ongoing updates to address vulnerabilities.
– **Support for Healthcare Modernization:**
– Collaborations with healthcare startups and providers to integrate cloud solutions for patient monitoring and operational efficiency, such as aiding in energy efficiency and simplifying IT management.
– Assurance of maintaining compliance with European regulations like GDPR through Google Cloud’s secure solutions.
– **Information Sharing Initiatives:**
– Coordination with Health Information Sharing and Analysis Center (Health-ISAC) and ENISA to facilitate information sharing and best practices among healthcare organizations.
– **Focus on Digital Sovereignty and Confidential Computing:**
– Commitment to the EU’s digital sovereignty, allowing healthcare organizations to utilize cloud and AI while ensuring data privacy.
– Adoption of Confidential Computing technologies to secure sensitive health data during processing.
– **Final Thoughts on Resilience:**
– The discussion consistently emphasizes a holistic approach to cybersecurity in healthcare that includes proactive prevention and investment in secure technologies alongside collaboration with various stakeholders.
Overall, the text portrays a detailed strategy of how Google Cloud is addressing the critical cybersecurity challenges faced by the healthcare industry in Europe, signaling important developments and best practices for security professionals in the field.