Europe fights back against cyberattacks

Jan 16, 2025

With Lauren Gardner

WORLDVIEW

A ransomware message on a computer screen.

The EU's European Commission is considering a plan to respond to increasing cyberattacks. | Rob Engelaar/AFP via Getty Images

The European Union has a plan for dealing with increasing cyberattacks against hospitals in its member countries.

It includes ramping up support, an early warning system and rapid-response teams to help hospitals fight cyberattacks from hacker groups, the European Commission — the EU’s executive arm — said Wednesday, POLITICO EU’s Sam Clark reports.

Why it matters: National governments reported 309 significant cybersecurity incidents affecting the health care sector in 2023, more than in any other critical sector, the commission said.

Ireland, France and Finland were among the countries that suffered devastating attacks on their hospitals and health care sectors since 2020.

The U.S. has also struggled with health care cyberattacks. The HHS Office for Civil Rights says there was a 141 percent increase in large breaches reported to the agency between 2022 and 2023. An attack on Change Healthcare, a clearinghouse for medical payments, was the largest reported health care breach in U.S. history.

“This is one of our sectors where we can see that [there are] massive cyber attacks, and we have to support [so] they are better prepared,” Henna Virkkunen, the commission's tech and security czar, who presented the plan, told Clark ahead of the launch.

Inside the plan: The plan proposes setting up a European Cybersecurity Support Center for hospitals and the health care sector at the EU’s cybersecurity agency ENISA.

That support center will provide tools and services, including an early warning system, testing and assessing hospitals’ cybersecurity standards, sharing information about vulnerabilities hackers are exploiting and guidance on responding to incidents.

ENISA will get extra funding for this, an EU official granted anonymity to discuss details of the plan told reporters in Brussels. The exact funding has not yet been decided.

The commission also plans to set up a rapid-response service for the health sector and to provide “cybersecurity vouchers,” which will allow EU countries to give cash to small hospitals and health care providers for cyber resilience. No specific amount has been set aside yet, the EU official said.

According to the plan, EU governments should advise health care entities to notify authorities when they've paid or plan to pay ransom to resolve a ransomware attack.

The commission also plans to make decryption tools, which allow organizations to get their data back without paying ransom, more readily available.

What’s next: The commission will review the action plan, most of which is expected to go into effect later this year.

WELCOME TO FUTURE PULSE

West Mountain, N.Y.

West Mountain, N.Y. | Erin Schumaker/POLITICO

This is where we explore the ideas and innovators shaping health care.

An international commission proposes ditching body-mass index, or BMI, for diagnosing obesity in favor of more nuanced metrics, NPR reports.

Share any thoughts, news, tips and feedback with Carmen Paun at cpaun@politico.com, Daniel Payne at dpayne@politico.com, Ruth Reader at rreader@politico.com, or Erin Schumaker at eschumaker@politico.com.

Send tips securely through SecureDrop, Signal, Telegram or WhatsApp.

SAFETY CHECK

An arrangement of pills of the opioid oxycodone-acetaminophen

The company behind a genetic test for predicting addiction risk disagrees with researchers about how accurate it is. | Patrick Sison/AP

The company behind a genetic test for predicting opioid addiction risk, hit back at a JAMA study we covered in Future Pulse last week, which claimed the test may be no more effective than a coin toss.

Researchers who published the study didn't have access to AvertD, the addiction-testing technology, said Ron McCullough, senior vice president of clinical operations at SOLVD Health, which owns AutoGenomics, the test producer.

"Therefore, any comparisons or conclusions in the article to AvertD are invalid," McCullough said.

Inside the study: The genetic variants researchers said underpin the test were accurate in about 53 percent of the cases, the study said. The researchers acknowledged that they didn’t have access to the algorithm that determines the risk — which they included as a limitation of their study — because it’s proprietary.

That doesn’t invalidate the study's conclusions, Dr. Henry Kranzler, a psychiatry professor and the director of the Center for Studies of Addiction at the University of Pennsylvania’s Perelman School of Medicine, who led the study, told Carmen.

“Our careful evaluation of the 15 variants in a real-world clinical setting (where such a test would ultimately be applied) showed them to be virtually useless in differentiating people based on their risk for opioid use disorder,” Kranzler wrote in an email.

SOLVD Health’s McCullough also pointed to researchers’ conflict-of-interest disclosures, which include working on similar technology to the AvertD test.

“We encourage independent experts to evaluate these discrepancies and remain committed to advancing proactive healthcare solutions addressing the opioid crisis,” McCullough wrote in an email.

Kranzler called that accusation baseless, since “it serves to obscure false claims of AvertD’s robust validation.”

TECH MAZE

X (formerly Twitter) app on a smartphone is pictured.

The weight-loss platform Noom's new software update could be a model for other drug companies. | Mauro Pimentel/AFP via Getty Images

Weight-loss platform Noom wants to be a model for drug companies looking to add software encouraging medication adherence to their FDA guidance labels, POLITICO's Lauren Gardner reports.

Noom unveiled its app update, which included medication tracking, side effect help and a meal planner, on Monday.

Inside the update: The updated features are geared toward addressing the behavior change aspect of the drug labels for weight-loss GLP-1s, which the Food and Drug Administration has indicated for use alongside diet and exercise.

Noom CEO Geoff Cook said the tools can help mitigate two of the biggest issues GLP-1 patients encounter — persistently taking the medication due to side effects and losing muscle mass by not intaking enough protein to counteract the drugs’ effects.

FDA guidance: The update comes more than a year after the FDA issued draft guidance outlining how it plans to consider software applications that companies want to add onto their drug labels to differentiate their products, known as Prescription Drug Use-Related Software or PDURS. Companies may wish to offer a software option alongside their medications if they can show that app usage leads to better patient outcomes.

Cook said he expects the agency to finalize the guidance this year.

“We believe that there’s going to be kind of a gold rush toward these digital solutions — not just in GLP-1s … but that pair with a medication,” Cook told Lauren ahead of the announcement. “The fundamental thing here is that these pharma companies are going to be looking for different ways to distinguish themselves in a crowded market.”

Why it matters: The draft framework essentially allows a firm to conduct cheaper Phase IV studies of a software companion when a drug is already on the market, rather than randomly controlled Phase III trials in which the medicine and app are evaluated together.

If the guidance is finalized, it will give companies like Noom the opportunity to be the platform of choice for drug-software combination products, Cook said, even beyond weight-loss drugs.

Follow us on Twitter