Fake NIS2 Directive hospital/healthcare mandatory cybersecurity incident disclosure notice from non-official sender targeting European IT/compliance staff — impersonates ENISA with "report within 24/72 hours or face non-compliance fine" urgency

Fake NIS2 Directive hospital or healthcare-sector mandatory cybersecurity incident disclosure notice from a non-official sender, targeting European healthcare organizations' IT and compliance staff. The EU NIS2 Directive (Directive 2022/2555) requires essential entities including hospitals and healthcare providers to report significant cybersecurity incidents to national supervisory authorities within 24 hours (early warning) and 72 hours (detailed report), with non-compliance fines up to €10M or 2% of global annual turnover. Attackers impersonate ENISA or EU regulatory bodies with fake "mandatory incident disclosure required — report within 24 hours or face non-compliance fine" emails, attempting credential harvest (fake regulatory portal login) or deploying malware via "mandatory security assessment" attachments. The signal fires when: (1) body references NIS2, NIS 2 Directive, ENISA, essential entities, or EU cybersecurity directive AND (2) mandatory incident disclosure / 24-hour / 72-hour notification / non-compliance fine urgency is present AND (3) sender is NOT enisa.europa.eu, ec.europa.eu, nis2.eu, or a .gov domain AND (4) no List-Unsubscribe or In-Reply-To. Source: GC1 R15 council #4; ENISA NIS2 implementation advisory 2024; Recorded Future EU healthcare sector threat report Q1 2026.