Greek hospitals face growing cybersecurity risks as hackers increasingly target sensitive medical data, experts warn.
In 2024, a cyberattack on a UK laboratory provider serving the National Health Service (NHS) disrupted blood tests at major London hospitals, including King’s College Hospital, contributing to the death of a patient due to delayed results. The attack also canceled or postponed over 10,000 appointments, while hackers stole an estimated 400 GB of sensitive patient information.
Dr. Konstantinos Votis, principal researcher at the Institute of Information and Communication Technologies (IPTIL) of the National Centre for Research and Technological Development (CERTH) and scientific lead of the “CyberCare” project at Papageorgiou Hospital in Thessaloniki, highlighted the growing threat of cyberattacks to healthcare institutions. He noted that Greece lacks systematic public statistics on hospital cyberattacks, although some incidents, such as a November 2024 attack on AHEPA Hospital in Thessaloniki, temporarily blocked access to electronic patient records.
Greek organizations, including hospitals, face roughly 1,600–1,700 cyberattacks per week, one of the highest rates in Europe, with ransomware, phishing, and vulnerabilities from third-party suppliers among the most common attack methods. “Ransomware remains the most destructive threat. In 2025 alone, 293 ransomware attacks targeted hospitals globally within nine months, exposing millions of medical records,” Dr. Votis explained. Many attacks involve “double extortion,” combining data encryption with theft for additional blackmail.
The financial value of medical data drives many attacks. Full medical profiles can include personal information, disease history, medications, and insurance details, which hackers sell on the dark web at prices far higher than credit card data. Attacks also carry symbolic or political motives, as targeting major hospitals can enhance a hacker’s reputation in underground forums.
Dr. Votis emphasized that Greek hospitals remain in a transitional stage of cybersecurity preparedness. While awareness and policies are improving, many facilities still operate with outdated systems, insufficient monitoring, and limited funding for security. Hospitals often focus on prevention rather than response, lacking tested incident response plans, disaster recovery protocols, and regular staff training on recognizing malicious communications.
The “CyberCare” project (October 2021 – November 2023) at Papageorgiou Hospital successfully strengthened the resilience of connected medical devices and hospital networks. Initiatives included a pilot telemedicine program for pregnant women in remote regions of Greece, ensuring secure transmission of sensitive data to supervising doctors.
Dr. Pantelis Angelidis, professor at the Department of Electrical and Computer Engineering at the University of Western Macedonia and founder of VIDAVO, highlighted that the rapid digital transformation and large volumes of high-quality data increase exposure to cyber threats. EU regulations, such as NIS2 and the European Health Data Space (EHDS), alongside programs from the Recovery and Resilience Fund (RRF), are driving enhanced cybersecurity requirements in Greek hospitals, emphasizing risk management, secure data handling, and compliance with European standards by 2027.
Stay updated with the latest news from Greece and around the world on greekcitytimes.com.
Contact our newsroom to share your updates, stories, photos, or videos. Follow GCT on Google News and Apple News.
