Spain Approves Comprehensive Cybersecurity Strategy for National Health System 2025-2028
Spain's National Health System unveils a robust cybersecurity strategy for 2025-2028 to combat rising cyber threats and enhance healthcare data security.
- • Approval of Cybersecurity Strategy for Spain's National Health System 2025-2028.
- • Strategy developed collaboratively with multiple autonomous communities.
- • Response to rising cyberattacks targeting healthcare infrastructure.
- • Strategy includes eight key objectives and aligns with national and European cybersecurity guidelines.
Key details
Spain's Interterritorial Council of the National Health System (CISNS) has approved a significant Cybersecurity Strategy aimed at protecting the National Health System (SNS) from increasing cyber threats over the period 2025 to 2028. Developed collaboratively with key regional communities including Andalusia, Catalonia, Valencia, Galicia, and the Balearic Islands, the strategy addresses a notable rise in cyberattacks such as ransomware, data theft, and system intrusions targeting healthcare infrastructure both domestically and internationally.
According to the Ministry of Health and the National Cybersecurity Institute (INCIBE), incidents in 2024 primarily involved malware, unauthorized access, and ransomware affecting primary care centers and hospitals, jeopardizing sensitive medical records and operational integrity. To combat these challenges, the strategy sets out eight strategic objectives, including establishing a national collaboration network for cyber incident response, maintaining the integrity and availability of health data, and providing ongoing cybersecurity training for healthcare personnel.
The framework aligns with Spain's broader National Cybersecurity Strategy and European guidelines, positioning the SNS as a leader in healthcare cybersecurity through innovation and institutional cooperation. The strategy is structured around twelve strategic axes covering governance, crisis management, supply chain security, and secure technology procurement, with phased implementation across a national roadmap. Oversight will be coordinated by the General Secretariat of Digital Health, Information, and Innovation via a dedicated Cybersecurity subcommittee within the Digital Health Commission.
The Ministry of Health affirmatively views this initiative as crucial for enhancing operational resilience, safeguarding personal data amid digital transformation and AI adoption, and fostering a robust cybersecurity culture within Spain's public healthcare system.
This article was synthesized and translated from native language sources to provide English-speaking readers with local perspectives.