Securing Tomorrow: Cyber Resilience and AI Innovation in European Healthcare - DHAGE 2025 Meeting

The 2025 DHAGE High-Level Meeting, held during the HIMSS25 Conference in Paris, brought together ministries of health, European institutions and international organisations to address two strategic priorities: reinforcing cybersecurity in health systems through regulatory compliance, real-world cyber threat case studies, and a coordinated European response; and accelerating the integration of artificial intelligence by advancing innovative technologies and supportive policy frameworks to enhance European competitiveness in healthcare technology.

Cybersecurity featured prominently on the agenda, with discussions centred on the European Commission’s new Action Plan on the Cybersecurity of Hospitals and Healthcare Providers. The French CARE Programme and the Netherlands’ national model offered complementary strategies for improving preparedness, ranging from governance and operational security to stakeholder training and real-time risk management.

The Artificial Intelligence session explored the key enablers and barriers to AI integration in European health systems, highlighting the need for cohesive regulation, investment strategies, and governance structures. Drawing on national insights from Finland, Portugal, and France, and expert contributions from the European Commission and the OECD, the discussions addressed the need for AI procurement reform, secondary use of health data, cross-border cooperation, and the development of trustworthy, scalable AI infrastructures and evaluation frameworks.

The DHAGE 2025 members agreed on eight targeted recommendations to advance cybersecurity and the responsible use of artificial intelligence in healthcare.

Addressing Cyber Challenges

  1. A cultural shift in healthcare is essential: cybersecurity must become everyone’s responsibility. This should be reinforced through comprehensive training, including EU-wide simulation exercises.
  2. Investments in infrastructure—both hardware and software—are critical to support resilient, secure health data exchanges, including the implementation of the European Health Data Space (EHDS).
  3. National governments and the EU must develop and implement cybersecurity strategies, supported by governance frameworks and sufficient resources. A funding target of 10% of the digital health budget should be considered for building and maintaining cybersecurity.
  4. The European Commission should implement the European Action Plan on Cybersecurity of Hospitals and Healthcare Providers ambitiously, promoting EU-wide cooperation and ensuring adequate resource allocation as part of broader European defence efforts.

Making AI Work in Healthcare

  1. Governments, in coordination with the EU institutions, should fast-track the deployment of AI in healthcare by establishing clear, scalable procurement pathways and dedicated investment instruments.
  2. Data governance should be implemented as an integral part of the AI-related policies. Recognising data as a strategic enabler, robust governance frameworks are essential to building legal, ethical, and operational trust—and to realise the full potential of AI in European healthcare.
  3. The European Union and national governments should invest in the continuous development and improvement of pipelines for AI technologies to support both the technical and social robustness, as well as the scalability, of AI systems.
  4. The European Union, with support from the OECD and the WHO, should adopt and monitor a core set of EU-wide indicators for assessing the impact, quality, and safety of AI solutions.

The views and opinions expressed in this document are those of the authors and participants of the DHAGE meeting, and do not necessarily reflect the official policy or position of the participating countries, organizations, or HIMSS or its affiliates.