Language / Jezik: Croatian / Hrvatski

European Health and Digital Executive Agency

Action No: 2020-HR-IA-0126


Action name: "Building „General Hospital Varaždin“ cybersecurity capacities to meet national and EU legislation"


The action shall run from 01/09/2021 (“the starting date”) until 30/06/2024 (“the completion date”).

The grant for the action shall be of a maximum amount of EUR 298,598.

The grant shall take the form of:  the reimbursement of 75.00% of the eligible costs of the action ("reimbursement of eligible costs"), which are estimated at EUR 398,130




The main objective of the action is to support General Hospital Varaždin internal capabilities to meet security and reporting requirements under Croatian and EU legislation (NIS Directive 2016/1148) as an Operator of Essential Services (OES) in the healthcare sector.

This will be achieved by the introduction of new organizational structure; establishment of cybersecurity procedures; introduction of new IT tools (such as DLP - Data Loss Prevention, AMES - Availability Monitoring of Essential Services, SIEM - Security Information and Event Management, EDR - Endpoint Detection and Response, CIMS - Cybersecurity Incident Management System); using a managed Security Operation Centre (SOC) services; conducting vulnerability and penetration testing; as well as educating the beneficiary's personnel on cybersecurity issues.

The Action will improve the beneficiary's cooperation with relevant cybersecurity stakeholders at the national and European level. It will implement communication channels and procedures for information cyber security sharing to ensure effective cyber security information exchange for all stakeholders in health management system and reporting mechanisms with competent ministry, national CSIRT and other bodies. The beneficiary will also join a relevant European Level Sectoral ISAC, and/or will participate in events organised by the ISAC facilities manager (set-up by the European Commission) and will have used the support services of that manager and it will contribute to security operations centres (SOCs) in line with the EU Cybersecurity Strategy.

As a result of this Action, the beneficiary’ cybersecurity resilience to detect, report and respond to cyber threats will be improved, limiting the economic and political damage of cyber incidents.






The contents of this publication are the sole responsibility of General hospital Varaždin and do not necessarily reflect the opinion of the European Union