Children’s hospital tenders integrated SOC and cyber services under EU rules
A children's hospital is seeking SOC, training and testing services to harden its systems, illustrating how health providers are adapting to tighter EU cyber rules.
A children's hospital is seeking SOC, training and testing services to harden its systems, illustrating how health providers are adapting to tighter EU cyber rules.
Follow Tenderlake on LinkedIn for concise insights on public-sector tenders and emerging procurement signals.
A specialist children's hospital in Kraków has launched a wide-ranging cybersecurity upgrade, from Security Operations Centre (SOC) capabilities to training and testing, under a new contract notice that reflects tighter EU expectations for critical health services.
Published on 28th January 2026, the contract notice from Wojewódzki Specjalistyczny Szpital Dziecięcy im. św. Ludwika w Krakowie sets out plans to raise the hospital’s cyber resilience through a package of external services.
The hospital is seeking support to improve its cybersecurity through six linked elements: SOC implementation, staff training, penetration testing, licence provision, vulnerability scanning and adjustment of Information Security Management System (ISMS) documentation. Taken together, these measures point to a shift from fragmented safeguards towards coordinated monitoring and management.
The SOC component should give the hospital a central point for tracking activity across its IT infrastructure and responding to incidents. Penetration testing and vulnerability scanning are intended to expose weaknesses before they can be exploited, while licence provision suggests new or expanded security tooling to underpin those services. Training is built in, recognising that technology alone will not protect clinical and administrative systems if staff are unsure how to use it or how to react to alerts.
By including ISMS documentation adjustment, the hospital signals that it is not only upgrading tools but also the policies, procedures and records that govern how information security is managed. That combination of operational capability and documented control is increasingly what regulators expect of essential services, rather than a simple list of installed products.
Across the EU, the NIS 2 Directive has tightened cybersecurity requirements for key public and private operators. A central theme is the need to demonstrate effective capabilities – monitoring, testing, governance and staff competence – rather than relying on informal practices. The Kraków hospital’s tender reflects that integrated approach, weaving SOC services, penetration testing, vulnerability scanning, training and ISMS updates into a single programme of work.
Similar moves are visible elsewhere in the health sector. In December 2025, Szpital Specjalistyczny im. Stefana Żeromskiego SPZOZ w Krakowie launched a programme to enhance cybersecurity through the implementation of an Information Security Management System, combined with ongoing cybersecurity services and training (contract notice). Earlier, in November 2025, Hamzova odborná léčebna pro děti a dospělé sought services to implement an ISMS specifically to comply with new cybersecurity regulations (contract notice).
In December 2025, Zespół Zakładów Opieki Zdrowotnej w Ostrowie Wielkopolskim went further, combining an IT security monitoring system, an ISMS, cybersecurity training and workshops, and a security audit in a single procurement (contract notice). Governance, monitoring and assurance are being commissioned together, not as separate technical add-ons.
The Kraków hospital’s focus on SOC capabilities mirrors a rapid spread of SOC-related procurements across Europe’s public sector. Health organisations have been particularly active. In August 2025, Wojewódzki Szpital Zespolony im. L. Rydygiera w Toruniu sought comprehensive services to deliver, implement, configure and maintain a monitoring system for teleinformation and network infrastructure, including SOC services and employee training (contract notice).
Also in August 2025, Uniwersytet Gdański issued a notice for the implementation and provision of a SOC service to enhance cybersecurity and resilience against cyberattacks (contract notice), underlining that universities as well as hospitals see SOCs as central to meeting higher standards. At Centrum Onkologii Ziemi Lubelskiej im. św. Jana z Dukli, a project published in October 2025 focuses on enhancing data security in medical systems by upgrading workstation and server protection and establishing a SOC service (contract notice).
Hospitals are also pairing SOC capabilities with advanced endpoint protection. In December 2025, Wojewódzki Szpital Specjalistyczny nr 5 im. Św. Barbary w Sosnowcu tendered for XDR-class software alongside SOC services (contract notice), echoing the Kraków hospital’s emphasis on both monitoring and technical control.
Beyond healthcare, SOC projects are spreading across sectors. In October 2025, SID - Slovenska izvozna in razvojna banka, d.d., Ljubljana sought SOC services including SIEM software licences, cyber threat automation, threat hunting and training at the bank’s location (contract notice). In November 2025, DRŽAVNI ZBOR REPUBLIKE SLOVENIJE published a notice to establish and ensure operational delivery of cybersecurity systems along with SOC services (contract notice), showing that parliaments as well as operators are investing in such capabilities.
Critical infrastructure operators are moving in the same direction. Grand Port Maritime Guadeloupe is procuring a managed SOC with advanced tools for continuous security monitoring and incident response management, under a notice from November 2025 (contract notice). Hrvatska vode, the Croatian water management body, launched SOC services procurement in January 2026 (contract notice), while SLOVENSKE ŽELEZNICE, d.o.o. is seeking emergency outsourcing for a Cybersecurity Operations Center, according to an October 2025 notice (contract notice).
New service models are emerging from this wave of tenders:
The Kraków hospital’s inclusion of training and penetration testing underlines a growing recognition that cyber resilience depends as much on people and practice as on technology. SOC services are only as effective as the teams that interpret alerts, run investigations and adjust controls in response to findings.
Many recent procurements couple SOC or monitoring with substantial training components. The Toruń hospital’s August 2025 SOC notice includes employee training alongside monitoring of teleinformation and network infrastructure. SID - Slovenska izvozna in razvojna banka pairs SOC services with training at the bank’s location. Westküstenkliniken’s SOC project brings in training as part of a broader incident response capability. And in December 2025, Slovenská technická univerzita v Bratislave moved to build a dedicated cybersecurity training centre, including a SOC platform, a governance, risk and compliance platform and the necessary hardware and software infrastructure (contract notice).
The Kraków tender fits squarely into this pattern. By asking suppliers not only to implement SOC capabilities but also to provide training, conduct penetration testing, run vulnerability scans and align ISMS documentation, the hospital is signalling that it wants lasting operational capacity, not a one-off technical deployment.
Taken together, the Kraków children’s hospital project and the cluster of late-2025 and early-2026 notices point to a decisive shift in how European public bodies approach cybersecurity. SOC services, structured management systems and training are being procured as integrated packages, often in response to evolving EU rules such as NIS 2. As implementations progress, observers will be watching how effectively hospitals and other operators embed these new capabilities into day-to-day decision-making, and whether shared SOC models can deliver both compliance and practical resilience for essential services.
Follow Tenderlake on LinkedIn for concise insights on public-sector tenders and emerging procurement signals.