The 2nd PANACEA End-User and Stakeholder Workshop takes place virtually between 15-17 and 23, 24 September 2020. 

Session 1. Dynamic Risk Management Platform: Tuesday 15.09.2020, 14:30-17:30 CEST

DRMP is designed to protect a complex IT infrastructure by quantitatively assessing the current level of risk through a multi-dimensional threat analysis and the current business impact. An innovative aspect of DRMP is the multi-dimensional attack model, used to represent the role played by human behaviours in the development of a cyber-attack. The model tries to capture how human users currently access ICT and medical devices, identifying human vulnerabilities that can be exploited to materialise the most common threats in healthcare organisations.

The risk computation triggers the definition of technical and non-technical mitigation actions with the objective of reducing the risk level by taking into consideration the business impact that the actions may cause.

Targeted participants: Information Technology Managers, Information Security Officers, Risk Managers

 

Agenda

Welcome, Dr Med. Sabina Magalini, Senior Surgeon of the Emergency and Trauma Surgery Unit at the Fondazione Policlinico Universitario Gemelli IRCCS (FPG) and Assistant Professor of Surgery at the Rome Catholic University School of Medicine (UCSC) 

Introduction, Stephanie Parker and Cristina Mancarella, Trust-IT

Panellist Introductions and Presentations: Chair - Pasquale Mari, Fondazione Policlinico Universitario Gemelli IRCCS (FPG) 

PANACEA Dynamic Risk Management Platform, Fabrizio De Vecchis (RHEA)

Dynamic Risk Management Platform (DRMP) Highlights and Demonstration, Silvia Bonomi,  Simone Lenti, UROME

Resilient Response Engine, Martina Bossini Baroggi (RINA)

Interactive Session: Q&A on the tool, followed by live polls and feedback from expert participants, Pasquale Mari, FPG and Stephanie Parker, Trust-IT

PANACEA panelists: Silviu Turuga (RHEA), Yevhen Ikonnykov (RHEA), Martina Bossini Baroggi (RINA), Giuseppe Santucci (UROME), Alessia Palleschi (UROME) 

Wrap-up and Next Steps

 

Webinar recording

 

Session 2. Cybersecurity Risk Governance:  Wednesday 16.09.2020, 14:30-17:30 CEST

The PANACEA Cybersecurity Governance Model comprises the HealthCare Cybersecurity Governance Tool and the Healthcare Cybersecurity Organisation Model. The purpose of the Healthcare Cybersecurity Governance Tool is to evaluate the Information Security Management System (ISMS) of healthcare organisations as a standard entity for cybersecurity management.

The HCG-Tool enables the assessment of “Level of Gaps” in relation to diverse cybersecurity standards (ISO 27001, NIST SP800-53 and TOGAF-O-ISMS3), which are  combined into a set of “Security Controls” that take into consideration also specific security aspects of the Healthcare domain.

The tool assesses the ISMS status and identifies ISMS functions gaps that need to be improved, according to the cyber risk assessment and mitigation actions list.

The Healthcare Cybersecurity Organisation Model manages, deploys and improves the Information Security Management System of healthcare organisations. The model comprises a set of guidelines for designing an IT security structure, enabling any healthcare organisation to identify and implement actions or countermeasures.

The use of both solutions is an innovative approach designed for decision makers when making an organisational investment plan to build an IT Security or cross-departmental unit. 

Targeted participants: Information Technology Managers, Information Security Officers, Risk Managers, Data Protection Officers, Hospital (and other Healthcare providers) Top Managers, Public Health Managers/Authorities

 

Agenda

Welcome, Dr. Med. Sabina Magalini, Senior Surgeon of the Emergency and Trauma Surgery Unit at the Fondazione Policlinico Universitario Gemelli IRCCS (FPG) and Assistant Professor of Surgery at the Rome Catholic University School of Medicine (UCSC)

Introduction, Stephanie Parker and Cristina Mancarella, Trust-IT

The PANACEA Governance Model, Claudia Pani, Raniero Rapone, Maria Rosaria Cioffi, AON

Interactive Session: Q&A on the tool, followed by live polls and feedback from expert participants, Pasquale Mari, FPG and Stephanie Parker, Trust-IT

PANACEA panelists:  Claudia Pani, Raniero Rapone, Maria Rosaria Cioffi, Paolo Modica (AON)

Wrap-up and Next Steps

 

Webinar recording 

 

Session 3. Identity Management - Human-to-Machine and Machine-to-Machine Authentication: Thursday 17.09.2020, 10:00-11:30 CEST

This session is on both human-to-machine and machine-to-machine authentication. 

The Identity Management Platform for human to machine authentication (IMP H2M) is designed to make sure that users of a medical system or medical device are known to the hospital system and are really who they claim to be. The tool allows user authentication based on two authentication factors which are the biometry (who you are) and a smartphone (what you have). The design of the system is based on several requirements that where defined by field observations and interviews made with different actors in the eco-system.

The IMP H2M tool brings many innovative points to the security of the hospital Information technology system since It resolves the credential sharing issues with a secure, frictionless and GDPR compliant solution.

Targeted participants: Clinical Data Managers, Clinical Engineering Dept Officers, Information Security Officers, Data Protection Officers, Networked Medical Device Manufacturers

IMP M2M: Healthentia – Qtrobot secure integration: An implementation of PANACEA’s Identity Management Platform, Machine-to-Machine communication

PANACEA’s Identity Management Platform gives guidelines governing the handshake between two machines wishing to securely exchange sensitive data. These guidelines are presented in practice via a demonstration of the Healthentia – Qtrobot secure integration system. Healthentia is an eClinical system gathering information. QTrobot is an assistive device, facilitating kids’ interaction with systems. The goal of the integration is to use QTrobot as means to collect questionnaire answers via a natural spoken interface and measure body posture and emotion, while all the collected info is securely transferred to Healthentia.

Targeted participants: Information Technology Managers, Information Security Officers, Medical Device Manufacturers, Clinical Engineering Dept Officers, Managers of Nurse and Medical Staff

 

Agenda

Welcome, Dr. Med. Sabina Magalini, Senior Surgeon of the Emergency and Trauma Surgery Unit at the Fondazione Policlinico Universitario Gemelli IRCCS (FPG) and Assistant Professor of Surgery at the Rome Catholic University School of Medicine (UCSC)

Introduction, Stephanie Parker and Cristina Mancarella, Trust-IT

Brief introduction to PANACEA presenters, Pasquale Mari (FPG)

PANACEA Identification Management Platform: Claude Bauzou and Aghiles Adjaz, IDEMIA, Aristodemos Pnevmatikakis, iSPRINT

Q&A with participants on Machine-to-Machine Authentication with Aristodemos Pnevmatikakis, iSPRINT

Q&A with participants on Human-to-Machine with Claude Bauzou and Aghiles Adjaz, IDEMIA

Interactive Session: Q&A on the tool, followed by live polls and feedback from expert participants, Pasquale Mari, FPG and Stephanie Parker, Trust-IT

PANACEA panelists: Claude Bauzou, Aghiles Adjaz (IDEMIA), Aristodemos Pnevmatikakis (iSPRINT)

Wrap-up and Next Steps

 

Webinar recording 

 

Session 4.  Secure Information Sharing Platform: Thursday 17.09.2020, 14:30-17:30 CEST

The Secure Information Sharing Platform is one of the technological tools of the PANACEA Solution Toolkit designed to deliver a secure sharing support tool enabling healthcare personnel to coordinate and share healthcare information in near real time within their own organisation and with external organisations. The SISP enables healthcare professionals to exchange healthcare information more efficiently, in compliance with applicable regulations and more securely than the current baseline, by promoting interoperable file formats, cryptographic methods and a mutual trust model.

Information sharing can be performed between different healthcare organisations, across borders and between organisations within a single country.

Targeted participants: Information Technology Managers, Information Security Officers, Data Protection Officers, Public Health Managers/Authority, Medical Staff involved in clinical information sharing

 

Agenda

Welcome, Dr. Med. Sabina Magalini, Senior Surgeon of the Emergency and Trauma Surgery Unit at the Fondazione Policlinico Universitario Gemelli IRCCS (FPG) and Assistant Professor of Surgery at the Rome Catholic University School of Medicine (UCSC)

Introduction, Stephanie Parker and Cristina Mancarella, Trust-IT

Brief introduction to presenters, Pasquale Mari

PANACEA Secure Information Sharing Platform, Fabrizio De Vecchis and Peter Hagstrom RHEA

Demo/video of the tool: PANACEA SISP Demo, Fabrizio De Vecchis RHEA, Peter Hagstrom RHEA

Interactive Session: Q&A on the tool, followed by live polls and feedback from expert participants, Pasquale Mari, FPG and Stephanie Parker, Trust-IT

Wrap-up and Next Steps, Pasquale Mari, FPG 

 

Webinar recording 

 

 

Session 5. Security by Design Framework Part 1: Wednesday 23.09.2020, 11:00-13:00 CEST

This session is Part 1 of the PANACEA Security by Design Framework. 

PANACEA provides medical device manufacturers, health application providers and healthcare organisations (i.e. hospitals) a Security-by-Design Framework (SbDF): A comprehensive workflow including processes, software solutions and links to regulations. SbDF is designed to overcome design limitations of medical devices, which currently do not specifically - or poorly - include security-engineering aspects regarding cyber risks. SbDF is based on a typical assessment and system monitoring audit workflow with the support of specific solutions addressing conformity assessment (through compliance schemes) and risk assessment (addressing cybersecurity and engineering aspects). The target applicable model of PANACEA SbDF is the defined device lifecycle model, which considers networked medical devices categories, lifecycle phases and roles.

Targeted participants: Medical Device Manufacturers/Developers, Information systems Providers/Developers, Clinical Engineering Dept. Officers, Information Technology Managers, Information Security Officers, Risk Managers

The Secure Design Support Platform (SDSP), developed by RHEA, is a risk assessment platform for use in healthcare environments. Its use for health systems and/or medical devices ease compliance with Security-by-Design principles. The purpose of this tool goes beyond health systems/medical devices to cover the operatiional context in which they are used, guiding the architectural and/or development choices through detected critical risk level scenarios and the security controls needed to decrease their risk level.

 

Agenda

Welcome, Dr. Med. Sabina Magalini, Senior Surgeon of the Emergency and Trauma Surgery Unit at the Fondazione Policlinico Universitario Gemelli IRCCS (FPG) and Assistant Professor of Surgery at the Rome Catholic University School of Medicine (UCSC)

Introduction and Announcement, Stephanie Parker and Cristina Mancarella, Trust-IT

Brief introduction to presenters, Stephanie Parker, Trust-IT

PANACEA Security-by-Design Framework, Federica Foti (RINA)

Secure Design Support Platform(SDSP), Raffaella Condoleo (RHEA)

Q&A on the SbDF and SDSP. Interactive discussion with live polling on SDPS, Stephanie Parker, Trust-IT

PANACEA panellists: Federica Foti (RINA), Martina Bossini Baroggi (RINA), Raffaella Condoleo (RHEA)

Wrap up and Next Steps

 

Webinar recording 

 

Session 6. Security by Design Framework Part 2: Wednesday 23.09.2020, 14:30-16:30 CEST

This session is Part 2 of the PANACEA Security by Design Framework. 

PANACEA provides medical device manufacturers, health application providers and healthcare organisations (i.e. hospitals) a Security-by-Design Framework (SbDF), a comprehensive workflow including processes, software solutions and links to regulations. SbDF is designed to overcome design limitations of medical devices, which currently do not specifically - or poorly - include security-engineering aspects regarding cyber risks. SbDF is based on a typical assessment and system monitoring audit workflow with the support of specific solutions addressing conformity assessment (through compliance schemes) and risk assessment (addressing cybersecurity and engineering aspects). The target applicable model of PANACEA SbDF is the device lifecycle model defined, which considers networked medical devices categories, lifecycle phases and roles.

Targeted participants: Medical Device Manufacturers/Developers, Information systems Providers/Developers, Clinical Engineering Dept Officers, Information Technology Managers, Information Security Officers, Risk Managers

From a solution point of view, the SbDF is composed by two different tools: The Secure Design Support Platform (SDSP) and the Compliance Support Tool (CST).

The Compliance Support Tool (CST), developed by RINA, provides a standardised programme for assessing the conformance of the target object in scope (i.e. medical device, information system, management systems, etc.) with a series of standards relevant for the user and application context (i.e. GDPR, ISO 27001, EN ISO 13485, ISO IEC 80001, etc.). It supports the user in assessing the medical device\system development process during all the phases of its lifecycle This ensures an effective internal control system focused on managing significant risks while verifying the compliance of the entire process to relevant standards and taking actions to increase the conformity level.

 

Agenda

Welcome, Pasquale Mari, Gemelli University Hospital (FPG)

Agenda overview and announcement, Stephanie Parker, Trust-IT

Brief introduction to PANACEA partners, Pasquale Mari (FPG)

Presentation and Demo of PANACEA CST, Martina Bossini Baroggi (RINA)

Q&A on CST presentation. Interactive discussion and live polling on CST, Pasquale Mari (FPG), Stephanie Parker, Trust-IT

PANACEA Panellist: Martina Bossini Baroggi (RINA), Federica Foti (RINA), Raffaella Condoleo (RHEA)

Wrap-up and Next Steps, Stephanie Parker, Trust-IT

 

Webinar recording 

 

Session 7. Secure Behaviour Nudging Tool: Thursday 24.09.2020, 11:00-13:00 CEST

The Secure Behaviour Nudging Tool is designed to help staff responsible for encouraging cybersecure behaviours within a healthcare organisation. Designed by a team of behaviour change experts, the SBNT is a toolkit of evidence-driven techniques and methodologies built around established psychological theories.

The SBNT offers a range of innovative tools to assist the user in identifying: 1) Insecure behaviour in the workplace. 2) Factors driving this behaviour and barriers to secure behaviour. 3) Appropriate techniques and ‘nudges’ to encourage more secure behaviour. 4) Tools to assess and re-assess the organisation’s cybersecurity position and needs on a reiterative basis.

Target Stakeholders: Hospital (and other Healthcare providers) Managers in charge for managing staff behaviour and education, Information Technology Managers, Information Security Officers, Risk Managers

 

Agenda

Welcome, Dr. Med. Sabina Magalini, Senior Surgeon of the Emergency and Trauma Surgery Unit at the Fondazione Policlinico Universitario Gemelli IRCCS (FPG) and Assistant Professor of Surgery at the Rome Catholic University School of Medicine (UCSC)

Agenda Overview, Stephanie Parker, Trust-IT

Brief introduction to PANACEA presenters, Pasquale Mari (FPG)

The PANACEA Secure Behaviour Nudging Tool, Prof. Lynne Coventry & Dr Dawn Branley-Bell (Northumbria University)

An introduction to nudging and the toolkit concept. Dr Dawn Branley-Bell

Interactive workshop sessions, Prof Lynne Coventry:

Identifying insecure behaviour in the workplace (including why that behaviour is occurring and/or barriers to secure behaviour).

Exploring & designing nudges 

Evaluating nudge effectiveness & reassessing cybersecurity priorities

PANACEA panelists for Q&A sessions: Prof. Lynne Coventry, Dr Dawn Branley-Bell & Dr Elizabeth Sillence (Northumbria University)

Interactive Session: Pasquale Mari, FPG and Stephanie Parker, Trust-IT

Wrap-up and next steps

 

Webinar recording 

 

 

Session 8. Cybersecurity Education and Learning Tool: Thursday 24.09.2020, 15:30-16:30 CEST

The PANACEA Cybersecurity Education and Learning package is designed to demonstrate to all people who work in Health Care Organisations to recognise the core link between secure cyber-related behaviour and practices and the health and well-being of HCO patients. Designed and developed using a systematic approach by a team of highly qualified and experience training developers, the learning is based on comprehensive analysis of the current situation and will apply proven pedagogical methods and modern digital media to appeal to as broad a range of learners as possible, enabling learning wherever and whenever the learner has the opportunity to access it. The learning aims to promote behavioural change by personalising the consequences of inappropriate cybersecurity behaviour to the learner, the learner’s patients and the HCO itself.

Target participants: Managers in charge of staff behavior and education, Information Technology Managers, Information Security Officers, Risk Managers

 

Agenda

Welcome, Dr. Med. Sabina Magalini, Senior Surgeon of the Emergency and Trauma Surgery Unit at the Fondazione Policlinico Universitario Gemelli IRCCS (FPG) and Assistant Professor of Surgery at the Rome Catholic University School of Medicine (UCSC)

Agenda Overview, Stephanie Parker, Trust-IT

Brief introduction to PANACEA presenters, Pasquale Mari (FPG)

The PANACEA Cybersecurity Education and Training Package, Anthony Rabbitt (RINA)

Interactive Session: Q&A on the tool, followed by live polls and feedback from expert participants, Pasquale Mari, FPG and Stephanie Parker, Trust-IT

PANACEA panelists: Anthony Rabbitt (RINA)

Wrap-up and Next Steps, Pasquale Mari (FPG)

 

Webinar recording