ASCLEPIOS | Advanced Secure Cloud Encrypted Platform for Internationally Orchestrated Solutions in Healthcare

Encryption and Cyber Security Solutions

During 2020 the project has progressed on the design and implementation of the ASCLEPIOS encryption services that will offer to healthcare providers a complete set of secure, encryption-based services for cloud-based operations,

These services are:

1. The ASCLEPIOS searchable encryption protocol enabling searching over encrypted medical data.

2. The combined Symmetric Searchable Encryption + Attribute-Based Encryption scheme to offer enhanced access control over encrypted medical data.

3. The ASCLEPIOS functional encryption analytics services that allow healthcare providers to perform statistical computations over encrypted data.

4. The Emnet tool for the execution of privacy-preserving statistics across multiple care service providers using Multi-Party Computations.

5. A set of log-based analytics that allow data owners and data controllers to assess the efficacy of the defined access control policies and learn potential improvements for protecting data stored on the cloud.

6. The ASCLEPIOS CEAA  that helps healthcare providers detect abnormal behaviour and leverage extracted knowledge to build threat preventive mechanisms.

CUREX | Secure and Private Health Data Exchange

Delivery of all CUREX Components

One of the main objectives of CUREX is the delivery of different solutions related to the analysis, identification and management of security risks associated with the data exchange between healthcare organisations. 

1. The Asset Discovery Tool (ADT) detects all the devices that are connected to a hospital’s network.

2. The Vulnerability Discovery Manager (VDM) analyses all possible vulnerabilities that can potentially be exploited in the infrastructure.

3. The Knowledge Extraction Analytics (KEA) tool identifies a set of techniques that harvest the knowledge extracted from health data sources or network monitoring, in order to reveal vulnerabilities and the profile of threats in health systems.

4. The Threat Intelligence Engine (TIE) provides real-time information about malicious activities detected in the target system.

5. The Cybersecurity Assessment Tool (CAT) identifies the threats to which healthcare organizations are exposed to and quantifies the risk caused by a wide variety of threats during data exchange.

6. The Privacy Assessment Tool (PAT) provides healthcare organisations with the appropriate privacy levels in complete alignment with the GDPR directives to protect patients’ personal and sensitive clinical data.

7. The Optimal Safeguards Tool (OST) devises optimal safeguards subject to a set of parameters associated with the healthcare organisations that exchange data as well as the exact data per se. Τ

8. The Health Professional Application (HPA) and the Patient Application (PA) are end-user applications of the CUREX platform aiming to help the patients, hospital personnel and all other stakeholders in establishing a secure and GDPR compliant process for health information exchange.
    

FeatureCloud| Privacy preserving federated machine learning and blockchaining for reduced cyber risks in a world of distributed healthcare

Scientific Paper: Privacy-preserving Artificial Intelligence Techniques in Biomedicine

FeatureCloud is about the proof of feasibility and implementation of a new security and privacy technique in the medical domain, that is, federated machine learning. Consortium members have summarized the state of the art in privacy-enhancing technology for the processing of biomedical data.

The publication is available via open access in the following link.

Scientific Paper: Information Leaks in Federated Learning

This paper has estimated how well membership inference attacks, for example, determining whether a data sample was used in a machine learning model training process. This translates also to federated learning, for example, whether there is an increased risk to the privacy if honest-but-curious participants can observe a number of exchanged model parameters. Results of this attack analysis fed into the risk analysis and will contribute to the mitigation strategies in Work Package 2, and will influence directly the implementation of the federated learning in Work Package 7 in the FeatureCloud project.

The publication is available via open access in the following link.

PANACEA| Delivering people-centric cybersecurity solutions in healthcare

2nd PANACEA End-User and Stakeholder Workshop

The PANACEA Toolkit is healthcare specific to support organisational leaders in assessing and responding to the multi-dimensional risks they are facing in terms of an increasing threat surface. To this end, the Toolkit features four technological tools: A dynamic risk assessment & mitigation tool (DRMP); a secure information sharing tool for the protection of data (SISP); a security-by-design & certification tool (SbDF); a tool for identification & authentication and three organisational tools (IMP-H2M and M2M): Cybersecurity Education and Learning Tool (TECT); a Secure Behaviour Nudging Tool (SbNT) and Resilience Governance tool. 

The project organised its 2nd PANACEA End-User and Stakeholder Workshop in order to engage with end-users and cybersecurity and data protection experts across Europe to stimulate knowledge exchange and accumulate feedback on the tools that are developed. The event took place virtually between 15-17 and 23, 24 September 2020. The complete agenda and the recorded sessions are available in PANACEA's website.

Collaboration with Cyberwatching.eu portal

PANACEA has taken part in two cyberwatching.eu webinars in recent months. The webinar on 23 November 2020 focused on “Cybersecurity Risk Management: How to strengthen resilience and adapt in 2021” in collaboration with ECSO, SGS, Aon, the Digital SME Alliance, and the SECONDO, CYBERSURE, RESISTO, GEIGER, CUREX and PANACEA. Click here to access the entire webinar recording.

The webinar on 10 December 2020 focused on Security and Privacy by Design for Healthcare: New solution from EU H2020 projects to comply with GDPR, Medical Device Regulation and EU Directive 2016/1148 on essential services and the COVID context. PANACEA was joined by SPHINX, DEFEND and PAPAYA based on a clustering activity on Market Readiness Levels coordinated by cyberwatching.eu. Click here to access the entire webinar recording.

The webinars have been an opportunity to continue and expand on synergies on cybersecurity in healthcare while also helping to shape future joint activities.

Contributing to Policy Development on Cybersecurity and Healthcare

Between April and October 2020, PANACEA has contributed to a series of virtual policy-related events. In April, Dr Med Sabina Magalini, FPG and PANACEA coordinator shared insights on frontline experiences with healthcare security in the context of COVID-19, highlighting the growing cyber risks and vulnerabilities in the sector at the Cybersecurity Health Group – 10th TCON.

In September, Dr Med Magalini served as panellist of the 1^st Session of the ENISA eHealth Security Conference, which explored the impacts of cyber risks on the safety of patients as a key differentiator to other sectors, drawing on first-hand experiences during COVID-19.

Later that month, Dr Med Magalini joined the expert panel at the CONNECT Autumn School on Digital Health looking into key cybersecurity challenges facing the health sector. As the European Agency for Cybersecurity, ENISA was also a member of the panel along with Directorate CONNECT H to help understand how policy and funding innovative approaches to mitigating risks can ensure cybersecurity becomes a top priority for healthcare delivery.

SAFECARE| Safeguard of Critical Health Infrastructure

Definition of cyber-physical scenarios of threat

Reaching this milestone, SAFECARE has identified a set of scenarios, in the light of past history of cyber and physical scenarios, as well as on the Covid19 pandemic and the challenge it introduced to all, but in particular to health infrastructures. The potential of combining physical and cyber threats to exploit more complex attacks was considered, from the point of view of opening the door by exploiting first a cyber breaches or triggered by exploiting a physical breach. The achievement of this milestone was crucial, as the set of 12 scenarios described were used to guide all the technical developments, that are now in the simulation phase, after which a demonstrator in our three pilots will be carried on: Hôpitaux Universitaires de Marseille, Azienda Sanitaria Locale from Turin, Universitair Medische Centra from Amsterdam.

SAFECARE has created    a “live database” of Security Incidents in Healthcare Infrastructure during COVID-19 Crisis, and we’ll make sure to reflect this reality in the coming demonstrations.
Further reading: “Cyber-Physical Threat Intelligence for Critical Infrastructures Security” Chapters, chapters 8 to 11.

Specification and Deployment of Physical Security Systems

Physical security solutions have been specified and the prototypes are ready to be deployed on the test platform. Some end-user features including mapping of input devices and visualisation of alarms have been released in the Milestone Systems commercial software, XProtect®. The milestone covers the specification and development of the suspicious behaviour detection system, the intrusion and fire detection system, the data collection system, and the mobile alerting system. We have integrated these systems into the building management system. 

The developed systems can react to incidents raised by the cyber security components, distributed over the data exchange layer and central database in a seamlessly integrated system.

Click here to access the free version of Milestone XProtect
 

Specifications of cyber security solutions delivered

SPHINX| A Universal Cybersecurity Toolkit for Healthcare Industry

1st Iteration of SPHINX Toolkit Components

Visit project's website to watch the video demonstrations of each component.

Book Chapter: Innovative Toolkit to Assess and Mitigate Cyber Threats in the Healthcare Sector

Consortium members from EDGE, NTUA and ViLabs have co-authored a chapter dedicated to SPHINX Toolkit in the publication of the Open Access book “Cyber-Physical Threat intelligence”. The book has been a collaborative outcome of a synergy between several European projects that are active on the board sector of cybersecurity for critical infrastructures.

The synergy book has achieved a significant impact with nearly 15,000 downloads and a second volume is already on the pipeline. You can access the publication in the following link: https://nowpublishers.com/article/BookDetails/9781680836868

CYBERAWARE4HEALTH Online Workshop

SPHINX Consortium member DYPE5, the fifth Greek Regional Health Authority, hosted a workshop that was dedicated to IT personnel of Healthcare organisations in order to raise their awareness regarding contemporary cybersecurity matters.

The workshop took place virtually in Wednesday, 16 December 2020 and partners from National Technical University of Greece, PDMFC and ViLabs contributed to the event with presentations about information security, risk management, necessary daily actions for a cyber secure routine, firewalls concepts and the Sphinx Toolkit. In addition, Mrs. Dimitra Livery, Network and Information Security expert of ENISA, gave a keynote speech on procurement guidelines for cybersecurity in hospitals and medical centers.

These presentations were delivered in three sessions and are now available for on demand view in project's YouTube channel!