Transferring personal data to third-party service providers acting as data processors is not forbidden by the EU GDPR. However, you need to ensure that the processors have on place adequate technical and organizational measures to protect the data.
2. Do I need to get consent if I want to transfer the data?
No, you don't need to have consent to use and to transfer personal data to third party processors. However, you need to ensure that the data subjects are informed of the use of such processors via a Privacy Notice.
3. Do I need to encrypt the data before sending or what measures I need to take?
Although not mandatory under the EU GDPR, I would strongly advise you to use encryption while sending personal data and also ask the processor to have encryption at rest. This is due to the fact that data concerning health is transferred.