Life Sciences 2025

POLAND Trends and Developments Contributed by: Barbara Kiełtyka, Jakub Gładkowski and Małgorzata Kiełtyka, Kieltyka Gladkowski KG Legal

Since January 2025, Poland has assumed the presidency of the Council of the European Union, a fact of key importance for the healthcare system and the pharmaceutical market. Currently, a pharmaceutical package is being finalised, the European Health Data Space is being implemented and the health technology assessment (HTA) and so-called European biopharmaceutical strategy are being reformed. These activities will be of significant importance for Europe’s competitiveness in the area of healthcare. The healthcare market in Poland is investing in necessary innovations, which will require the supplementation of EU legislation and the creation of new legal and investment frameworks. An example of this is investment in artificial intelligence (AI) factories in line with Council Regulation (EU) 2021/1173 of 13 July 2021 on establishing the European High-Performance Computing Joint Undertaking, aimed at the creation of supercomputers implementing state-of-the-art generative AI models to drive progress in AI applications (apps) in various sectors, such as healthcare.

Healthcare Cybersecurity

To counter cyber-attacks, advanced cybersurveillance and espionage tools, such as rootkits, as well as investment in cybersecurity operations and databases belonging to healthcare entities are key. The Polish healthcare sector is highly valuable for foreign IT service providers, providing data protection solutions. Polish law generally focuses on establishing responsibility for the security of healthcare market entities, the internal procedures of such entities and the associated complex data processing. Polish regulations cover due diligence procedures, penalisation and the distribution of liability in case of advanced cyber-attacks on the critical infrastructure of public healthcare entities.

Salt Typhoon is a well-known threat actor, but above all, ransomware – malicious software that infects computer systems and then encrypts the data stored therein, making it inaccessible to the owners of the systems – must be countered. In the healthcare sector, the Polish justice system currently uses legal tools that are aimed at protecting data and IT systems and counteracting cybercrime. Article 267 of the Penal Code is increasingly used for cybercrime, penalising unauthorised access to computer systems (eg, through password capture or overcoming system security to illegally obtain protected information). In Poland, there is also a ban on creating and distributing malicious software, as specified in Article 269b of the Penal Code. This includes computer viruses, spyware and tools that allow the bypassing of security and attacking of IT systems, which is the most common form of attack on medical data. In the civil sphere in Poland, as in the rest of the EU, the basic legislation regulating civil liability for data breaches, including medical data, is the General Data Protection Regulation (GDPR), with the key articles being Article 82 (liability for data leakage) and Article 32 (required technical measures). This Regulation forces healthcare entities to implement information security management standards, such as the International Organization for Standardization (ISO) 27001 standard. The most recent example of a cyber-attack in the healthcare sector in Poland is an incident involving one of the country’s largest hospitals, which was targeted by a ransomware cyber-attack that disrupted the facility’s computer systems. The attack involved the use of malicious software that encrypted files stored on the hospital’s servers, posing a high risk of unauthorised access
