2025’s Critical Shift: How European Healthcare Is Navigating Regulatory, Security, and Anonymization Challenges

In 2025, European healthcare stands at a pivotal moment. Rapid digital transformation, evolving cybersecurity threats, and an ambitious regulatory overhaul are converging to redefine how health data is governed, protected, and leveraged. With the General Data Protection Regulation (GDPR) as the bedrock, healthcare organizations must now respond to a wave of new policies, technologies, and risks that will shape the future of patient care, research, and digital trust.

To navigate this complexity, we’ve brought together a multidisciplinary collaboration we call the Golden Triangle, a strategic alliance of three domain experts: regulatory expert Tanya Chib, cybersecurity expert Dr. Anna Hakkers, and anonymization expert Renate van Kempen. Each angle of this triangle, privacy, security, and anonymization, offers essential expertise to ensure health data is used ethically, safely, and in compliance with evolving European standards.

In this article, the Golden Triangle shares key insights from each domain, offering a unified perspective on how European healthcare can meet the moment through integrated strategies for regulations, security, and anonymization.

Privacy in Healthcare: how regulations are reshaping rights and responsibilities

In recent years, the European Union has introduced a series of groundbreaking regulations aimed at transforming how health data is managed, shared, and protected. These initiatives have the potential to revolutionize healthcare delivery, research, and innovation, but they also present significant challenges for healthcare organizations, medical device manufacturers, and patients alike.

Let’s explore four key regulatory frameworks that are reshaping the European health data landscape.

European Health Data Space (EHDS)

Proposed in May 2022, the European Health Data Space Regulation (EHDS) [P1] represents the EU’s ambitious vision for a unified health data ecosystem. As the first of several planned domain-specific “data spaces”, it aims to set new standards for health data sharing both within Europe and globally.

What it promises: The EHDS has two primary objectives:

  • Empowering citizens with greater access to and control over their electronic health data across all EU member states.
  • Creating a framework for responsible health data reuse for research, innovation, and policy development.

The challenges: Despite its promising vision, critics [P2] have identified several potential pitfalls:

  • The reality of patient control may be diminished, despite claims to the contrary;
  • Healthcare professionals could face unsustainable administrative burdens;
  • Inadequate safeguards might allow Big Tech companies to exploit health data;
  • Existing digital divides between EU Member States could be exacerbated.

Without addressing these governance, transparency, and implementation concerns, the EHDS might struggle to deliver its promised benefits while potentially compromising individual rights and healthcare quality.

The EU-US Data Privacy Framework (DPF)

Established in July 2023, the EU-US Data Privacy Framework (DPF) [P3] represents the third attempt to create a viable cross-border data transfer mechanism between the EU and US, following the invalidation of Safe Harbor and Privacy Shield.

What it promises: The DPF aims to establish “adequacy” for personal data transfers under GDPR, creating a mechanism for legal health data sharing between European and American research institutions and healthcare organizations.

The challenges: Research [P4] highlights several health-specific issues:

  • The DPF relies on the Federal Trade Commission for enforcement rather than health-specific regulators like HHS.
  • It may conflict with additional country-specific requirements for health data imposed by EU Member States.
  • Integration with existing frameworks like HIPAA creates additional complexity.

For healthcare organizations engaged in transatlantic collaboration, alternative approaches may be necessary, such as combining Standard Contractual Clauses with specialized data agreements or advocating for a health-industry-specific transfer mechanism.

The European Data Act

The Data Act [P5], which entered into force in January 2024 (with general applicability from September 2025), aims to create a thriving data sharing economy by regulating access to data generated by networked devices and connected services.

What it promises: For medical and health devices, from pacemakers to fitness trackers, the Data Act grants users the right to access their usage data and share it with third parties. Manufacturers must design products with “access by design” principles.

The challenges: Companies face several significant hurdles:

  • Risk of disclosing trade secrets to competitors despite the Act’s safeguards.
  • Potential conflicts with General Data Protection Regulation (GDPR), particularly concerning personal health data.
  • Compliance burdens for medical device manufacturers, who may need costly product redesigns and recertification under EU Medical Device Regulation and EU In Vitro Diagnostic Regulation.

Proactive implementation of appropriate contractual measures, data protection frameworks, and product development adjustments will be essential for companies in the medical device sector.

The EU AI Act

Coming into force in August 2024 (with full applicability by August 2027), the EU AI Act [P6] represents the world’s first comprehensive legal framework for artificial intelligence systems.

What it promises: The Act takes a risk-based approach, categorizing AI systems based on their potential harm:

  • High-risk AI systems (like medical devices and emergency triage systems) face stringent requirements including risk management protocols and human oversight.
  • Low-risk systems (like wellness apps) have minimal obligations.

The challenges: Several issues could impact healthcare implementation:

  • Inadequate oversight of potentially harmful “low-risk” health AI systems.
  • Ambiguity regarding fundamental rights impact assessments for private healthcare providers.
  • Limited patient rights compared to other EU regulations.
  • Potential regulatory escape routes through research exemptions.

Healthcare organizations must now classify their AI systems, train staff on AI literacy, implement required assessment protocols, and address regulatory gaps through sector-specific guidelines.

Looking ahead: navigating the new landscape

As these four regulatory frameworks take effect in the coming years, healthcare organizations across Europe and beyond will need to develop comprehensive strategies for compliance while continuing to deliver high-quality care and drive innovation.

The potential benefits of these regulations are substantial: improved data access and portability for patients, enhanced research capabilities through responsible data sharing, and new safeguards for AI-driven healthcare. However, realizing these benefits will require careful navigation of the complex regulatory environment and thoughtful solutions to the challenges each framework presents.

For healthcare leaders, the time to prepare is now. Understanding these regulations and their implications is the first step toward not just compliance, but leveraging these frameworks to improve healthcare delivery and outcomes while protecting patient rights and data security.

As Europe leads the way in health data regulation, the approaches developed here will likely influence global standards for years to come, making this regulatory evolution relevant far beyond the EU’s borders.

Anonymization in healthcare: an evolving discipline

Anonymization within the European healthcare sector is a critical process, ensuring that personal data is transformed in such a way that individuals can no longer be identified, thereby facilitating data-driven research and analysis while complying with the GDPR. Despite its importance, the implementation of effective anonymization techniques presents several challenges and is subject to ongoing evolution.

Current practices 

It’s crucial to distinguish between pseudonymisation and anonymization. According to the European Data Protection Board (EDPB) [A1], pseudonymised data remains personal data under the GDPR and does not meet the criteria for anonymization. True anonymization requires that individuals cannot be re-identified by any means reasonably likely to be used. The UK Information Commissioner’s Office (ICO) [A2] emphasizes that anonymization must render data incapable of identifying individuals, even when cross-referenced with other data.

5 key challenges regarding anonymization in healthcare

  1. Proper protection against singling out: One of the primary challenges in the healthcare sector is addressing the risk of ‘singling out’, where unique combinations of attributes can lead to the identification of individuals. The ICO’s guidelines [A2] highlight this as a significant concern, noting that even datasets stripped of explicit identifiers can still pose re-identification risks if unique patterns remain. This is particularly pertinent in healthcare, where detailed patient records contain numerous data points that, when combined, may be unique to an individual.
  2. Re-using data: Another challenge is that most data is so rich that researchers, suppliers and other third parties would like to use it for purposes beyond those originally consented to. This is possible with anonymization, but only if the risk of re-identification is sufficiently low to fall outside the scope of the GDPR. However, there is currently a lack of up-to-date, authoritative guidance on acceptable thresholds that healthcare organizations can rely on.
  3. Automation: Unfortunately, no tools yet exist that cover all anonymization challenges. Although some great software solutions are available, both open source and commercial, expert knowledge is still needed, particularly since most datasets differ or are too complex to fit in a single solution.
  4. Avoid misunderstandings: Additionally, there are common misunderstandings about anonymization that can hinder its effective implementation. The Spanish Data Protection Agency (AEPD) outlines several misconceptions [A3], such as the belief that anonymization is a one-time process or that it is always irreversible. In practice, anonymization requires continuous risk assessment and may need to be re-evaluated as external data availability or technical capabilities evolve.
  5. Maturity and state-of-the-art techniques: The maturity of anonymization practices varies across healthcare organisations. While some institutions have integrated advanced techniques like differential privacy and k-anonymity, others rely on less robust methods. The adoption of these advanced techniques is often hindered by a lack of technical expertise and resources. The EDPB’s guidelines advocate for incorporating anonymization and pseudonymisation as integral components of data protection by design and by default, encouraging organisations to adopt these practices proactively.
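
The singling-out risk in item 1 and the k-anonymity technique named in item 5 can be measured directly. The following is an added example, not part of the original article: it counts how many records share each quasi-identifier combination in a constructed dataset, then shows the effect of generalization and suppression. The column names, the generalization rules and the threshold k = 3 are assumptions chosen for illustration, not recommended values.

```python
from collections import Counter

# Constructed sample rows (not real patient data). Names and patient numbers
# are already removed; what remains are quasi-identifiers plus an ICD-10 code.
RECORDS = [
    {"birth_year": 1958, "postcode": "3511AB", "sex": "F", "diagnosis": "E11"},
    {"birth_year": 1958, "postcode": "3511AB", "sex": "F", "diagnosis": "I10"},
    {"birth_year": 1952, "postcode": "3512CD", "sex": "F", "diagnosis": "C50"},
    {"birth_year": 1957, "postcode": "3514XY", "sex": "F", "diagnosis": "J45"},
    {"birth_year": 1983, "postcode": "1012JS", "sex": "M", "diagnosis": "F32"},
    {"birth_year": 1987, "postcode": "1017PT", "sex": "M", "diagnosis": "E11"},
    {"birth_year": 1981, "postcode": "1011AA", "sex": "M", "diagnosis": "I10"},
    {"birth_year": 1944, "postcode": "9711LM", "sex": "M", "diagnosis": "G20"},
]

QUASI_IDENTIFIERS = ("birth_year", "postcode", "sex")
K_THRESHOLD = 3  # assumption for this example only


def qi_key(record, quasi_identifiers):
    """The combination of quasi-identifier values an outsider could match on."""
    return tuple(record[q] for q in quasi_identifiers)


def equivalence_classes(records, quasi_identifiers):
    """Count how many records share each quasi-identifier combination."""
    return Counter(qi_key(r, quasi_identifiers) for r in records)


def k_anonymity(records, quasi_identifiers):
    """Size of the smallest equivalence class (0 for an empty dataset)."""
    classes = equivalence_classes(records, quasi_identifiers)
    return min(classes.values()) if classes else 0


def singled_out(records, quasi_identifiers):
    """Records whose quasi-identifier combination is unique in the dataset."""
    classes = equivalence_classes(records, quasi_identifiers)
    return [r for r in records if classes[qi_key(r, quasi_identifiers)] == 1]


def generalize(record):
    """Coarsen birth year to a ten-year band and postcode to two digits."""
    decade = record["birth_year"] // 10 * 10
    coarse = dict(record)
    coarse["birth_year"] = f"{decade}-{decade + 9}"
    coarse["postcode"] = record["postcode"][:2] + "**"
    return coarse


def suppress_small_classes(records, quasi_identifiers, k):
    """Drop records in classes smaller than k; return (kept, number dropped)."""
    classes = equivalence_classes(records, quasi_identifiers)
    kept = [r for r in records if classes[qi_key(r, quasi_identifiers)] >= k]
    return kept, len(records) - len(kept)


if __name__ == "__main__":
    print("raw: k =", k_anonymity(RECORDS, QUASI_IDENTIFIERS),
          "unique rows =", len(singled_out(RECORDS, QUASI_IDENTIFIERS)))

    generalized = [generalize(r) for r in RECORDS]
    print("generalized: k =", k_anonymity(generalized, QUASI_IDENTIFIERS),
          "unique rows =", len(singled_out(generalized, QUASI_IDENTIFIERS)))

    kept, dropped = suppress_small_classes(
        generalized, QUASI_IDENTIFIERS, K_THRESHOLD)
    print("after suppression: k =", k_anonymity(kept, QUASI_IDENTIFIERS),
          "rows dropped =", dropped)
```

Generalization alone still leaves one outlier row unique in this sample, which is why the suppression step is included. The measurement covers only the columns listed as quasi-identifiers, so it has to be repeated whenever new external data makes further columns linkable.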

Emerging trends and developments

Several trends are shaping the future of anonymization in healthcare:

  • Absolute vs. Relative anonymization: There’s a growing recognition of the need to assess anonymization in context. Absolute anonymization implies that data is anonymised in all possible scenarios, whereas relative anonymization considers the specific environment and potential data linkages and leaves room for residual risk. The ICO’s guidance suggests that a context-specific approach is more practical and still aligns with the GDPR’s risk-based framework.
  • Use of Synthetic Data: To mitigate re-identification risks, some organisations are turning to synthetic data generation. This involves creating entirely artificial datasets that mimic the statistical properties of real data without containing actual personal information. While promising, the validity and utility of synthetic data in clinical research are still under evaluation. Personally, I do not believe this approach is mature enough for widespread use in healthcare, especially given the challenges of proving residual risk and establishing the synthetic nature of the data with confidence. 
  • Integration into Data Protection Strategies: Anonymization is increasingly being viewed as a fundamental aspect of data protection strategies. The EDPB emphasizes its role in achieving data protection by design, urging organisations to embed these techniques into their data processing activities from the outset.

Striking the balance: maximizing data utility while minimizing risk

Effective anonymization in the European healthcare sector is essential for balancing the benefits of data-driven healthcare innovations with the imperative of protecting patient privacy. Addressing challenges, such as the risk of singling out, automation, facilitating the re-use of data and avoiding common misconceptions, requires a structured, context-aware approach guided by anonymization experts. By adopting advanced anonymization techniques and integrating them into comprehensive data protection strategies, healthcare organisations can enhance their compliance with GDPR and safeguard patient information effectively.

Cybersecurity in healthcare: securing care amidst complexity, connectivity, and change

Healthcare’s digital security posture in 2025 remains a patchwork of varying maturity across subsectors and geographies. Healthcare providers, such as hospitals and clinics, generally lag behind other industries in cybersecurity maturity [C1.1]. Pharmaceutical companies and life sciences organizations tend to have more mature data security frameworks, driven by intellectual property protection and regulatory compliance. Medtech and medical device manufacturers historically focused on safety and efficacy over security, but are now updating practices due to increased connectivity (the Internet of Things for medical devices) and regulator pressure [C1.2]. The result is an uneven landscape, with pockets of excellence and many organizations still catching up. Nonetheless, across medtech, pharma, and providers, there is a clear trend toward greater security maturity and resilience [C1.3].

The critical nature of healthcare security

Data-related threats. Healthcare systems safeguard highly sensitive information, from personally identifiable information to intellectual property and research data. Clinical records contain personally identifiable information, protected health information, payment details, and sometimes even biometric data – all in a single dataset. Medical companies not only manage patient data but also protect research and manufacturing information worth millions in intellectual property (IP).

Ransomware remains the most reported cyber threat in the EU healthcare sector, accounting for 54% of incidents. ENISA found that 43% of those cases included confirmed leaks of sensitive information. This highlights how data compromise is one of the most critical and persistent risks in healthcare, both in Europe and globally [C2, C3].

Disruption of critical care. Beyond data breaches, healthcare cybersecurity is increasingly a patient safety issue. Cyberattacks can disable access to electronic health records, delay diagnostics, or disrupt medication schedules, potentially endangering lives [C4]. While direct attacks on therapeutic devices are less common today, the greater risk is the unavailability of critical systems rather than direct manipulation of therapeutic equipment. Still, manipulation of devices has been demonstrated in lab settings (for example, [C5]).

Healthcare systems are increasingly targeted by sophisticated cyberattacks from nation-state actors and ideologically motivated groups. These actors often aim to destabilize or gain long-term strategic advantage by gathering sensitive health data, disrupting care, or stealing medical IP (for example, [C6], [C7], [C8], [C9]). 

The complexity of healthcare security

Complexity & fragmentation. Healthcare organizations operate in extraordinarily complex digital environments that create an especially demanding security landscape. These environments often include a high-risk mix of 20-year-old unpatchable medical devices alongside modern cloud applications, multi-cloud environments coexisting with on-premises legacy systems, and security-critical applications running on outdated operating systems.

Beyond internal IT infrastructure, the products that healthcare organizations depend on introduce another critical layer of complexity. Many medical devices were designed for functionality rather than security, with some devices having expected lifespans of 15–20 years despite running on operating systems that are no longer supported. This creates a patchwork of technologies that security teams must somehow protect as a unified environment.

Data Security not in focus. Compounding both technical and product-driven challenges are governance issues. Siloed data architectures (e.g. disconnected Electronic Health Record (EHR) databases, lab systems, Picture Archiving and Communication System (PACS) imaging archives, pharmacy records, research databases) make it difficult to enforce consistent security policies (such as uniform encryption or centralized monitoring) across all data stores. For example, a hospital’s radiology system might not be integrated with its incident response tools, so a breach in that silo could go undetected. 

However, even as healthcare organizations attempt to modernize through data integration initiatives (such as integrated data lakes and APIs), new risks emerge, especially when the data security layer is neglected. Centralized platforms aggregate vast amounts of sensitive data, creating high-value targets. Without proper hardening (reducing attack surface in a system), such as secure API authentication, granular access control, and continuous auditing, these platforms become single points of failure. Misconfigurations, especially in FHIR (Fast Healthcare Interoperability Resources) APIs, are proving to be an increasingly common attack vector, as seen in the sharp rise in API-related breaches [C10].

Another major issue is that security context (such as access controls, labels, or data classifications) is often stripped away when data moves through APIs into data lakes or warehouses (consider health information exchanges, data lakes, and research portals). Once decoupled from its original protections, this data is reused in products, dashboards, and research sets with little oversight. This is a recipe for accidental overexposure or misuse.

Last but not least, the multi-cloud, multivendor environments typical of healthcare lead to data being spread across a multitude of applications and environments for collection, storage and collaboration. This makes it harder to discover, classify, track, and secure data across these environments, and to build a comprehensive data security program.

Numerous entry points. In addition to internal risks, external third-party dependencies amplify security challenges. The sector’s complex third-party ecosystem further compounds these challenges, creating significant supply chain risks. From electronic health record (EHR) vendors to medical device manufacturers, imaging centers, and laboratory systems, healthcare organizations rely on dozens or hundreds of third parties that may have access to their systems or data.
Outdated protocols and niche file formats hinder modern security tools (consider how many security tools are able to scan DICOM files), making it hard to enforce consistent protections.

In summary, healthcare IT environments combine highly heterogeneous systems and numerous entry points, and still lack focused attention to data security.

 

Maturity and state-of-the-art techniques

Foundations. The complexity of the healthcare environment makes it unsurprising that many organizations struggle with basic cybersecurity tasks like access management, data labelling, inventory maintenance, and system patching. 

However, beyond technical hurdles, organizational governance gaps are a significant contributor. Systems that are regularly audited tend to have reasonably strong controls, but many others exist with little or no governance. This limits visibility across environments and makes it nearly impossible to implement data security controls consistently. 

Furthermore, the rapid emergence of AI technologies, often adopted without any AI-specific governance [C11], introduces new governance challenges and has further deepened these issues, creating new risks on top of already fragile foundations.

Innovation and security. The rapid acceleration of digital initiatives during the COVID-19 pandemic, including telehealth expansion, remote work capabilities, and digital patient engagement, dramatically widened the gap between innovation and cybersecurity readiness. 

While this technological leap was necessary, it often occurred without sufficient parallel security investments. Organizations often deployed new technologies faster than they could secure them, amplifying the vulnerabilities created by poor governance and limited visibility [C12].

As healthcare continues to advance digitally, the tension between innovation and security readiness will only grow, leaving organizations increasingly exposed unless foundational governance and security practices are significantly improved.

Healthcare technology. A cultural shift is also visible in how new healthcare technologies are being built: a notable development in 2025 is the emphasis on security-by-design in healthcare technology development. Whether it’s a new medical device, a mobile health app, or an EHR software update, building in security from the ground up is now seen as essential. This cultural change is driven by regulatory initiatives such as the FDA’s cybersecurity guidance for medical devices and the EU’s Cyber Resilience Act, alongside the costly lessons of past breaches.

Emerging trends and developments

  • AI/ML in healthcare. Artificial intelligence and machine learning (AI/ML) are being rapidly adopted in healthcare for tasks ranging from diagnostic image analysis to predictive analytics in population health. While AI promises improved care, it also introduces security concerns. One major issue is the enormous datasets required to train AI models. Often these are aggregations of sensitive data (e.g., thousands of radiology images or millions of EHR records). Protecting these training datasets is critical, as they represent valuable and vulnerable assets. AI/ML applications inherit standard cybersecurity vulnerabilities (such as exposed endpoints and insecure configurations) while also introducing entirely new ones. Attacks like model inversion, where sensitive data can be reconstructed from a trained model, or poisoning attacks, where attackers subtly manipulate training data to corrupt model behavior, directly threaten both data confidentiality and patient safety. Addressing these risks demands collaboration across security, data governance, and data science teams, combining traditional controls with AI-specific defenses. Beyond technical risks during AI development, operational risks also arise in the day-to-day use of AI tools within healthcare organizations. One immediate practical issue is employees using generative AI tools (like ChatGPT) and inadvertently inputting sensitive data. Hospital staff experimenting with such tools for summarizing clinical notes or drafting letters could lead to Protected Health Information (PHI) being sent to external AI services. In summary, AI/ML in healthcare amplifies existing data security concerns and creates new ones: protecting vast training datasets, ensuring model security, and managing AI tools usage. It demands a proactive approach – integrating AI under the umbrella of the organization’s security governance, much like any other mission-critical system. 
  • Health Information Exchanges (HIEs) and emerging networks like Trusted Exchange Framework and Common Agreement (TEFCA) in the U.S. or Gaia-X in the EU (which includes health data spaces) aim to facilitate data sharing among providers and with patients. They typically have robust security frameworks, but as data flows increase, the risk of misrouting or unauthorized access can increase too. A future challenge is implementing fine-grained consent: patients might want to decide which data to share for what purpose (for example, share my lab results with my specialist, but not my mental health notes, or allow my data to be used in research only if anonymized). In conclusion, as healthcare data decentralizes and patients become data custodians, the sector must expand its notion of security beyond institutional walls. Solutions will include building security features into patient-facing technologies, creating trust frameworks for data sharing (so patients can trust that when they do share data, it’s handled properly), and perhaps offering services like secure data back-ups for patients or digital identity tools to safely manage health information access. 
  • Security in multi-cloud and hybrid-cloud. Healthcare organizations are progressively embracing hybrid and multi-cloud infrastructures to meet evolving patient care demands [C13]. This architectural shift demands continuous adaptation of security strategies. Early adopters in healthcare have already moved toward the multi-cloud best practices discussed earlier, but the landscape keeps changing with new cloud services, DevOps practices, and edge computing in hospitals. For instance, leading hospitals are exploring edge computing solutions, particularly for latency-sensitive applications such as imaging and bedside monitoring. These edge systems then sync with cloud systems. Ensuring consistent security from cloud to edge is a new challenge – requiring extending cloud Identity and Access Management (IAM) and monitoring out to edge devices.
  • Securing APIs and integrations. Multi-cloud healthcare environments lean heavily on APIs to interconnect systems (for example, an API to pull patient data from one system to another). Those APIs themselves become targets. Security efforts must urgently focus on securing APIs, including maintaining comprehensive API inventories, enforcing strong authentication through API gateways, and continuously scanning for vulnerabilities. With HL7 FHIR (Fast Healthcare Interoperability Resources) APIs becoming a standard for health data exchange, ensuring these interfaces are secure (authenticating every API call, throttling to prevent data scraping, etc.) is paramount. Indeed, an API breach could allow an attacker to query massive amounts of patient data if not properly locked down. Moreover, the growing integration of APIs with large language models (LLMs) creates a powerful risk amplification effect. For example, vulnerabilities in prompt handling can be exploited to trigger unauthorized API calls, while weaknesses in API access controls can allow improperly crafted prompts to access or exfiltrate sensitive internal data. In effect, prompt and API vulnerabilities tend to amplify each other, thus turning seemingly benign prompt inputs into high-impact security breaches if APIs are not rigorously secured. This dual-layer risk demands robust protections across both the AI models and the APIs they can access.
  • Post-Quantum migration. Though still in its developmental stage, quantum computing poses a looming threat to the cryptographic algorithms that protect healthcare data. Today’s common encryption schemes, such as RSA, elliptic curve, and Diffie-Hellman, could be broken by a sufficiently powerful quantum computer running Shor’s algorithm. This is especially concerning for healthcare because of the long-term sensitivity of medical data: a patient’s health record from today could still be sensitive 20, 30, or 50 years from now. Adversaries might steal encrypted data now and store it, anticipating future decryption capabilities (a strategy known as “harvest now, decrypt later”). Independently of this long-term threat, Post-Quantum Cryptography migration is an ongoing world-wide ecosystem shift that is spearheaded by the US government, with strong alignment from other governments and major technology industry players. This transition will inevitably affect healthcare providers over the next decade, whether or not a Cryptographically Capable Quantum Computer emerges within that timeframe. Changes in the ecosystem, along with new standards such as NIST SP 800-208 and evolving regulatory frameworks like the EU’s NIS2 directive and anticipated updates to HIPAA [C14] emphasizing ‘state-of-the-art’ security practices, are making proactive post-quantum migration a critical strategic priority for the healthcare sector.
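
The "Securing APIs and integrations" item above calls for authenticating every API call and throttling to prevent data scraping. The following is an added example, not part of the original article: a gateway-side check that rejects unauthenticated calls, enforces per-resource scopes, and caps how many distinct patients one client may read within a time window. The token table, the simplified "ResourceType.read" scope strings, the limits and the request list are all constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed token table standing in for an authorization server's
# introspection results. Scope strings are simplified for this example.
TOKENS = {
    "tok-cardiology-app": {
        "client": "cardiology-app",
        "scopes": {"Patient.read", "Observation.read"},
    },
    "tok-billing-batch": {
        "client": "billing-batch",
        "scopes": {"Patient.read"},
    },
}


class FhirGate:
    """Per-call authentication, scope check and distinct-patient throttle."""

    def __init__(self, tokens, max_patients, window_seconds):
        self.tokens = tokens
        self.max_patients = max_patients
        self.window_seconds = window_seconds
        # client id -> deque of (timestamp, patient_id) for allowed reads
        self._seen = defaultdict(deque)

    def check(self, token, resource_type, patient_id, now):
        """Return (http_status, reason) for one read request."""
        grant = self.tokens.get(token)
        if grant is None:
            return 401, "missing or unknown token"
        if f"{resource_type}.read" not in grant["scopes"]:
            return 403, "scope does not cover resource type"

        window = self._seen[grant["client"]]
        # Forget reads that have aged out of the sliding window.
        while window and window[0][0] <= now - self.window_seconds:
            window.popleft()

        # Counting distinct patients, not raw requests, targets bulk
        # enumeration while leaving repeated reads of one chart alone.
        distinct = {pid for _, pid in window}
        if patient_id not in distinct and len(distinct) >= self.max_patients:
            return 429, "distinct-patient budget exceeded"

        window.append((now, patient_id))
        return 200, "ok"


# Constructed requests: (token, resource type, patient id, time in seconds).
REQUESTS = [
    (None, "Patient", "p1", 0),                        # no credentials
    ("tok-billing-batch", "Observation", "p1", 1),     # outside granted scope
    ("tok-cardiology-app", "Observation", "p1", 2),
    ("tok-cardiology-app", "Observation", "p1", 3),    # same patient again
    ("tok-billing-batch", "Patient", "p1", 10),
    ("tok-billing-batch", "Patient", "p2", 11),
    ("tok-billing-batch", "Patient", "p3", 12),
    ("tok-billing-batch", "Patient", "p4", 13),        # fourth distinct patient
    ("tok-billing-batch", "Patient", "p2", 14),        # already in the window
    ("tok-billing-batch", "Patient", "p4", 80),        # window has expired
]


def run_demo(max_patients=3, window_seconds=60):
    """Replay the constructed requests through a fresh gate."""
    gate = FhirGate(TOKENS, max_patients, window_seconds)
    return [gate.check(*request)[0] for request in REQUESTS]


if __name__ == "__main__":
    for request, status in zip(REQUESTS, run_demo()):
        print(status, request)
```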

Embedding resilience 

Healthcare’s digital transformation, driven by APIs, cloud infrastructures, and AI, is expanding the security risk landscape. Fragmented IT systems, legacy devices, and decentralized data flows demand a shift from perimeter defenses to integrated, data-centric security models.

Protecting sensitive healthcare information now requires embedding security into technology design, strengthening governance, and preparing for emerging threats such as AI vulnerabilities and quantum computing risks. Organizations that invest early in resilience and forward-looking standards will be best positioned to protect patient trust and critical care services in an increasingly complex environment.

References

[P1] – European Health Data Space (EHDS)

[P2] – PubMed Article

[P3] – Data Privacy Framework Overview

[P4] – SSRN Paper

[P5] – EU Data Act

[P6] – EUR-Lex Regulation 2024/1689

[A1] – EDPB Guidelines on Pseudonymisation

[A2] – ICO Guidance on Anonymisation

[A3] – AEPD Anonymisation Misunderstandings

[C1.1] – Inadequate Healthcare Cybersecurity Maturity

[C1.2] – Updating Cybersecurity for Advanced Medical Devices

[C1.3] – HIMSS Report on Health System Cybersecurity Budgets

[C2] – ENISA Health Threat Landscape

[C3] – European Commission on Cybersecurity in Healthcare

[C4] – Ars Technica: Patient Dies After Ransomware Attack

[C5] – Reuters: US Probes Medical Devices for Cyber Flaws

[C6] – Imperva: Hospitals Hit by DDoS Attacks

[C7] – ENISA Health Threat Landscape, p. 3

[C8] – Google Cloud Blog: APT41 Dual Espionage and Cybercrime

[C9] – Microsoft Blog: Healthcare Cyberattacks During COVID-19

[C10] – HIPAA Journal: API Security Incidents in Healthcare

[C11] – HIMSS Report on AI Governance and Cybersecurity

[C12] – PMC Article on Healthcare Security

[C13] – GlobeNewswire: Healthcare Cloud User Survey Report

[C14] – Tenfold Security: HIPAA Security Rule Update
