• Home  
  • Security, Resilience and European Maturity
- blog - Op-Ed

Security, Resilience and European Maturity

In 2020, Finland faced one of the most disturbing cyber incidents in European healthcare. The Vastaamo psychotherapy center reported an attack on its patient records database – deeply personal records from psychotherapy treatments, containing information patients had shared during the most vulnerable moments of their lives. By Azir Aliu The case shook the Finnish public […]

In 2020, Finland faced one of the most disturbing cyber incidents in European healthcare. The Vastaamo psychotherapy center reported an attack on its patient records database – deeply personal records from psychotherapy treatments, containing information patients had shared during the most vulnerable moments of their lives.

By Azir Aliu

The case shook the Finnish public because it revealed something every modern healthcare system must seriously understand: when health data is not protected, not only is privacy endangered, but trust in the system itself is compromised. And trust, which also incorporates an intimate dimension, is the foundation upon which every relationship between patient, doctor, and institution rests.

This is the perspective from which the fifth pillar of our Digital Health Strategy 2026–2030 should be understood, as it encompasses issues of cybersecurity, resilience, and European integration. These aspects are prerequisites for everything we aim to build. Connected healthcare without security is vulnerable healthcare. Healthcare that uses data without clear rules risks losing the trust of its citizens. A digital system without a crisis plan can fail precisely when patients need it most. In other words, we arrive at the pillar that protects all four previous pillars upon which we built the strategy. If interoperability enables data to move, if patient-centered access gives citizens greater control, and if analytics allows better planning, then cybersecurity ensures that all of this happens securely, lawfully, and responsibly.

My position is that healthcare digitalization must be built with confidence, but also with discipline. We must not view it in isolation or merely as a technical matter, such as the procurement of new software, but rather as the creation of a functional national healthcare infrastructure. And every infrastructure that stores data about citizens’ lives, health, and privacy must uphold the highest protection standards.

Health data speaks of diagnoses, therapies, risks, outcomes, habits, hereditary conditions, and life circumstances. It contains medical value, but also human sensitivity. Because of its intimate nature, its protection must not depend on differing practices across institutions, ad hoc solutions, or the goodwill of individuals. Protection must be part of the system itself, embedded in regulations, management, training, and the everyday operations of healthcare institutions.

Patients have the right to know that their data is used for their treatment, better prevention, public health analysis, or scientific research only within clearly defined and controlled frameworks. Doctors, meanwhile, must have timely access to the information they need to make sound medical decisions. There is no contradiction between these two needs if the system is properly designed. On the contrary, a good system simultaneously ensures accessibility and protection.

That is why healthcare systems must know who accessed a piece of data, when it was accessed, for what purpose, under what authorization, and with what responsibility. Strong identification, access control, encryption, activity logs, consent management, and regular system audits are not bureaucratic layers. They are the mechanisms through which trust becomes verifiable.

But security does not end with protection against unauthorized access. A mature healthcare system must also be resilient. This means having the capacity to continue operating when technical failures, disruptions, attacks, or crises occur. In healthcare, the interruption of a digital system can mean delayed examinations, inaccessible test results, blocked communication, additional pressure on doctors, and uncertainty for patients.

Business continuity must become part of patient safety. For every critical service, there must be a plan: how operations continue, which processes take priority, which data must be immediately available, who makes decisions, how institutions are informed, and how the system returns to normal functioning. Procedures, regular exercises, trained teams, and an institutional culture that does not wait for a crisis before thinking about risk are all essential.

European analyses show that healthcare is among the sectors most exposed to cyber threats. ENISA, the European Union Agency for Cybersecurity, warns in its analyses of the healthcare sector that ransomware attacks—malicious software that blocks systems or data and demands payment for their release—are among the most serious threats. One ENISA report states that “ransomware attacks account for 54% of cybersecurity threats in the healthcare sector.” In other words, the greatest danger is not only that someone gains access to data, but that systems are blocked, services interrupted, and healthcare institutions forced to choose between time, data, and patient safety.

European integration in this field has a very concrete meaning. NIS2, the Directive on Security of Network and Information Systems, establishes higher obligations for protecting critical sectors, including healthcare. GDPR, the General Data Protection Regulation, provides the framework for privacy and citizens’ rights. The Data Governance Act introduces rules for the trustworthy and responsible use of data. The AI Act establishes standards for the safe and controlled use of algorithms and emerging technologies. Viewed together, the adoption of these European rules should not be seen as a bureaucratic burden, but as a system of protection for every element that makes up the healthcare system and all users of its services.

The same European logic underpins the European Health Data Space (EHDS). Its essence can be explained simply: health data should securely follow the patient, rather than patients carrying their medical history from one institution to another. If a citizen requires healthcare services in another European country, a doctor—under clear rules and with privacy safeguards—should be able to access the essential information needed for treatment, such as allergies, current therapies, previous illnesses, surgeries, and similar records. If a patient has an electronic prescription, it should be recognized through a shared European digital infrastructure.

A practical example of this already exists in Europe. Finland and Estonia were among the first countries to enable the cross-border use of electronic prescriptions. A Finnish patient can receive an electronic prescription from a doctor in Finland and collect the medication at a pharmacy in Estonia, with the pharmacy securely recognizing the prescription through the European digital infrastructure. The same later became possible for Estonian patients in Finland. This is the essence of the European Health Data Space and MyHealth@EU translated into an everyday healthcare service.

For our country, this represents both a major opportunity and a clear obligation. European integration in healthcare should not be viewed as a formal political milestone to wait for, but as a methodology for domestic reform. Every security standard will mean greater protection for patients, while every harmonized procedure will bring greater predictability for institutions.

That is why we are positioning the fifth pillar as a practical agenda for strengthening cybersecurity capacities in the healthcare system, developing business continuity plans, incident response protocols, patient data protection mechanisms, alignment with European regulations, and preparing institutions for future participation in the European Health Data Space.

In this context, the next European step naturally follows. On Wednesday, June 24, 2026, we will sign the Accession Agreement to EU4Health. This program is important not only because it provides access to European calls and financial instruments, but also because it brings us into the European healthcare project space, where solutions are being developed for resilient healthcare systems, digital health, health data, quality, patient safety, prevention, crisis management, and workforce development.

In that sense, EU4Health can become an important instrument for implementing the fifth pillar: through expert support, partnerships, training, project calls, and connections with European institutions already working on cybersecurity, health data, resilience, and digital transformation. But its significance extends beyond this single pillar. The program opens opportunities for the entire healthcare policy framework to connect with European knowledge, standards, and resources.

For this reason, the signing will not be merely a formal act. The Ministry of Health is already prepared to begin actively presenting the program immediately after the agreement is signed, mapping potential beneficiaries and supporting institutions in participating in European calls. Our goal is to bring this opportunity closer to universities, medical faculties, clinics, hospitals, institutes, professional associations, patient organizations, and all relevant stakeholders in the healthcare system.

In the end, security, resilience, and European integration are not three separate topics. They are part of the same vision: a healthcare system that protects patient data, continues to function in times of crisis, and knows how to use European opportunities to become stronger. This is the essence of the fifth pillar of the Digital Health Strategy 2026–2030 and the direction in which we will steer Macedonian healthcare.

The author is Minister of Health in North Macedonia

About Us

Adress:


Bul. Ilirya, Nr.5/2-1, 1200 Tetovo
 
Republic of North Macedonia
 
BalkanView is media outlet of BVS

Contact: +389 70 250 516

Sign Up for Our Newsletter

Subscribe to our newsletter to get our newest articles instantly!

BalkanView  @2025. All Rights Reserved.