A new cyber upgrade for a children's health centre shows how hospitals are reshaping IT procurement to pair digital care services with tighter security.
Follow Tenderlake on LinkedIn for concise insights on public-sector tenders and emerging procurement signals.
A new cybersecurity upgrade at a children’s and family health centre in Sosnowiec underlines how hospitals are reshaping IT projects to meet stricter European security expectations.
On 30th December 2025, Centrum Zdrowia Dziecka i Rodziny im. Jana Pawła II w Sosnowcu Sp. z o.o. published a contract notice to enhance the IT systems at the Children and Family Health Center in Sosnowiec. The Sosnowiec upgrade promises a “comprehensive cybersecurity package” that combines new technology with managed services.
According to the notice, the package will include firewalls, an information security management system, managed security services and network improvements. Together, these elements are meant to strengthen the centre’s defences while modernising its underlying infrastructure.
Firewalls provide a frontline filter for traffic flowing in and out of the network. An information security management system points towards a more structured approach to policies, procedures and risk management, rather than relying only on individual tools. Managed security services suggest that at least part of the day-to-day security work will sit with a specialist provider, instead of being handled entirely in-house.
The scope also covers wider network improvements, indicating that the centre aims to address not only obvious security gaps but also the resilience and design of its IT environment. The notice is brief and does not disclose contract value, brands or standards, yet it clearly frames cybersecurity as a system-wide issue for a children’s and family facility, not a narrow technical add-on.
The Sosnowiec tender sits within a wave of healthcare cybersecurity procurements across Poland and neighbouring countries in 2025 and early 2026.
In July 2025, the Higher Vocational School of Health Care Brno launched the Enhancing Cybersecurity for VOŠZ Brno contract to modernise and expand its software and hardware systems, adding advanced security solutions and upgrading infrastructure. Even a health-focused vocational school is investing in stronger cyber protection.
Later that month, Nemocnice Kadaň set out its Cybersecurity Infrastructure for Kadaň Hospital project, covering acquisition and implementation of hardware and software infrastructure for cybersecurity, with technical support, maintenance, training and integration services. Here, as in Sosnowiec, one-off technology purchases are coupled with ongoing services.
In August 2025, Nemocnice Blansko’s Cybersecurity Enhancement for Hospital procurement combined analysis, security audits, policy creation and the delivery of hardware and software systems to secure the internal network. Governance, documentation and technical measures appear together in a single package.
Several other notices focus squarely on operational capabilities. The City Hospital of Ostrava’s Cybersecurity Enhancement for Hospital, published in December 2025, centres on user identity verification, access management and incident detection, backed by post‑implementation services and a warranty. Szpital w Szczecinku’s November 2025 Digital Transformation of Healthcare project lists LAN segmentation, email protection, event analysis, vulnerability management and a token system for access authorisation.
University Hospital No. 1 in Bydgoszcz takes a modular approach. Its December 2025 Digital Services and Cybersecurity notice divides its project into three parts: workstation protection, backup system licences and email protection. That structure lets suppliers specialise while ensuring coverage of key attack surfaces.
Many recent health-sector procurements tie cyber upgrades directly to broader digital transformation and e‑health projects. The Warmińsko-Mazurskie Centre of Lung Diseases in Olsztyn, for example, issued a Digital Transformation Hardware Procurement notice in September 2025 for IT equipment and software to enhance digital services in health protection. The scope runs from computer equipment and platform updates to LAN expansion, cybersecurity measures and backup improvements.
A similar pattern appears in the ICT Equipment Procurement for Healthcare from a clinical hospital in Katowice, published in January 2026. There, ICT purchases are explicitly intended to enhance digital services and raise cybersecurity levels in support of a wider digital transformation in healthcare.
Several provincial and university hospitals are upgrading clinical systems and cybersecurity in tandem. In December 2025, the Provincial Hospital in Koszalin advertised its Digital Services and Cybersecurity Upgrade, covering IT equipment and software to enhance digital services and cybersecurity, including expansion of PACS and HIS systems along with training and integration. That same month, Uniwersytecki Szpital Kliniczny in Rzeszów published Digital Services and Cybersecurity Solutions to develop digital services and strengthen cybersecurity at both the general hospital and the Podkarpackie Oncology Center through server equipment, software and dedicated cybersecurity solutions.
Other projects place cybersecurity within even broader reform packages. The Pałuckie Health Center’s Digital Transformation for Healthcare Improvement notice from November 2025 links integration and expansion of IT systems, digitisation of medical documentation, cybersecurity upgrades and the implementation of AI solutions. Radomski Szpital Specjalistyczny’s IT Systems Expansion for Healthcare, published in November 2025, adds a call centre system and electronic document signing to the mix alongside cybersecurity improvements.
Even where cyber is not the headline, it is now rarely absent. A project in Giżycko described in Digital Transformation Equipment and Software focuses on delivering IT equipment and software to enhance digital services in health protection, while Tomaszowskie Centrum Zdrowia’s Digital Transformation for Health Center concentrates on active network elements and services to improve cybersecurity as part of a wider digital initiative.
The Sosnowiec children’s centre is not alone in foregrounding management systems and services. Szpital Specjalistyczny im. Stefana Żeromskiego in Kraków, for instance, is procuring a Cybersecurity Services for Healthcare package built around an Information Security Management System, combined with ongoing cybersecurity services and training. The emphasis is on embedding security into everyday processes, not just installing tools.
In Nemocnice Blansko and Szpital w Szczecinku, analysis, security audits, event analysis and vulnerability management feature prominently. Nemocnice Na Františku, through its October 2025 Cybersecurity Enhancement for Hospital tender, highlights a logging system and an automatic patching tool, both procured in compliance with relevant regulations. Nemocnice Dačice’s Enhancing Cybersecurity at Dačice Hospital project focuses on server-room technologies, network security enhancements and comprehensive security and monitoring software.
Event recording and backup recur across several procurements. Regional Hospital Příbram’s December 2025 Cyber Security Enhancement for Hospital notice covers communication network security, LAN infrastructure, event recording, incident detection, application security and backup technology. In Oława, the IT Systems and Devices Delivery contract brings together cybersecurity licences, backup systems, firewalls, network switches and servers for a digital transformation project in healthcare.
These approaches echo the mix of firewalls, an information security management system, managed security services and network improvements sought in Sosnowiec. The direction of travel is clear: public health bodies are procuring security capabilities that cut across infrastructure, operations, governance and user behaviour.
This concentration of security‑focused health projects is unfolding against the backdrop of the EU’s NIS 2 Directive, which extends formal cybersecurity obligations to sectors including healthcare. The notices rarely name the Directive, but their content is consistent with organisations preparing for a stricter regulatory environment.
For public buyers, that means turning broad legal duties into concrete requirements for suppliers. One response is to bundle multiple measures into a single procurement: firewalls, secure networks, backup, event logging, identity and access controls, user training and, in some cases, information security management systems and AI‑based tools. Another is to specify post‑implementation support, maintenance and managed services, as seen in Sosnowiec, Kadaň, Ostrava and Kraków.
The trend is not confined to hospitals. The statutory city of Prostějov, for example, is upgrading its municipal data centre through the Cybersecurity Infrastructure Expansion project, adding technological elements to improve the protection of data and services. Such investments show how cybersecurity is becoming a recurring theme across public‑sector infrastructure, not just in frontline clinical facilities.
The notices examined here do not set out budgets, funding sources or contract durations, so the scale and pace of implementation remain unclear. What they do show is a consistent pattern: cybersecurity is now treated as a core component of digital health projects, not an afterthought.
As European cybersecurity obligations bed in, further tenders are likely to follow the path set by the Sosnowiec project and similar contracts across Poland and the Czech Republic. Suppliers that can combine infrastructure, security tools, management systems and long‑term services will be in demand, while public buyers will be under pressure to ensure that these complex packages translate into measurable improvements in resilience and protection of patient data.
Follow Tenderlake on LinkedIn for concise insights on public-sector tenders and emerging procurement signals.