PANACEAresearch will deliver two toolkits for cyber security assessment and preparedness of Healthcare ICT infrastructures and connected devices: the Solution Toolkit and the Delivery Toolkit.
1- The Solution Toolkit will positively affect the cybersecurity of an Healthcare Centre (HCC) according to a holistic modality, assessing (and acting on) the physical, software and organisational/human components of the HCC, relevant for the cybersecurity.
It is composed of four technological tools:
- a dynamic risk assessment & mitigation tool (helping to perform risk assessment evaluation and mitigation measures)
- a secure information sharing tool for the protection of data
- a security-by-design & certification tool
- a tool for identification & authentication
Moreover, it comprises three organisational tools
- a tool composed by models, guidelines and best practices for training & education
- a tool aimed at resilience governance
- a tool for secure behaviours nudging
How does the Solution Toolkit effectively interact with the Healthcare Center components?
The seven hexagons in the figure below, representing each component of the Solution Toolkit, can be implemented and used separately by the management and the security staff of the healthcare center. Once implemented, they operate by protecting an ecosystem made up of a variety of components:
- The Healthcare Center network composed of operators, patients, citizens, security staff, medical doctors, nurses, top management, employees and administrative staff.
- The clinical information systems and related processes (EHP, PHR)
- The administrative information systems
- The connected devices used in and outside of the hospital
The Solution Toolkit also manages the connections with other HCCs, even when this HCCs are not adopting PANACEAresearch's solutions (these are represented on the right).
2. The Delivery Toolkit is conceived as a support for the adoption of the Solution Toolkit. It involves two support tools:
- a methodology to evaluate the Return of Investment (ROI) of cybersecurity interventions, therefore the advantages of following a cybersecurity approach in an Healthcare Center
- a set of guidelines to be applied for the adoption of the Solution Toolkit
PANACEAresearch follows two nnovative approaches:
1) A Holistic approach to cybersecurity: the underlying paradigm of PANACEAresearch is that real improvement in the domain of cybersecurity can only come from change to human behaviour, technology and processes as part of a holistic solution; the Toolkit contains all these ingredients; and the project is structured to allow their codesign and the strict collaboration between end-users and researchers/developers
2) An Impact oriented approach: the Consortium has put itself in the shoes of the public health decision makers and of the HCC managers, as prospect users of PANACEAresearch, and has decided not only to design effective solutions, but also to make them easy to adopt.
The PANACEAresearch Toolkit is expected to be used for prevention purposes. The toolkit helps the HCC to proactively protect the IT infrastructure. It does not include an incident management component. The Consortium considers that existing technical and organisational solutions already cover the incident management/response phase and assumes that to invest in preparedness reduces the likelihood and criticality of the incidents to a level that ensures an overall positive return. One of the aims of the project is to provide method and evidence for this assumption.