Compliant Cyber Threat Intelligence Sharing in Hospitals: Evaluating the Data Anonymisation Tool
DOI:
https://doi.org/10.34190/eccws.25.1.4822
Keywords:
Cyber Threat Intelligence (CTI), Data Anonymisation, Cyber Resilience Act (CRA), Healthcare Cybersecurity, Privacy-Preserving Collaboration
Abstract
Healthcare organisations face an unprecedented surge of cyberattacks targeting patient data, clinical systems, and connected medical devices. This study examines two ransomware and data breach cases in the United Kingdom and Finland over the past eight years. Both incidents reveal common weaknesses that could have been mitigated through robust Cyber Threat Intelligence (CTI). Despite its benefits, CTI sharing among hospitals remains rare due to privacy concerns, fear of regulatory violations, and limited institutional trust. Under the General Data Protection Regulation (GDPR) and the emerging EU Cyber Resilience Act (CRA), CTI often includes personal or sensitive system data requiring strict protection and traceability, creating tension between collaboration and compliance. This research evaluates whether the Data Anonymisation Tool (DAT) can enable secure, auditable, and GDPR-compliant CTI sharing. The methodology combines a systematic literature review, regulatory mapping of GDPR and CRA obligations, and a functional assessment of DAT’s anonymisation and audit capabilities. Simulated CTI-sharing scenarios test how anonymised threat data can flow between healthcare organisations without exposing identifiable information. Findings indicate that DAT integrates technical, legal, and governance safeguards into a single process. It delivers GDPR-compliant anonymisation, preserves CTI utility, and ensures full traceability through verifiable audit logs, addressing CRA requirements for accountability and resilience. While governance challenges persist, particularly around trust models and sector-specific standards, DAT demonstrates strong potential to transform compliance barriers into enablers of collaboration. Privacy-preserving CTI sharing is feasible when supported by structured anonymisation and auditing mechanisms. DAT offers a viable pathway to enhance healthcare cyber resilience and aligns with European efforts to promote secure data sharing in critical sectors.
License
Copyright (c) 2026 European Conference on Cyber Warfare and Security

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.