ICEGOV is the International Conference on Theory and Practice of Electronic Governance, which takes place annually as a global, multi-stakeholder event to share knowledge through the presentation and publication of research papers. The 2020 edition took place online from 22 to 25 September.

PANACEA presented its socio-technical model for cybersecurity in healthcare, based on the paper entitled "Public and Private Healthcare Organisations: A socio-technical Model for identifying Cybersecurity Aspects", which is co-authored by Kalliopi Anastasopoulou, PhD, Pasquale Mari, Aimilia Magkanaraki, Emmanouil G. Spanakis, Matteo Merialdo, Vangelis Sakkalis and Sabina Magalini. The paper was presented in the session on Security, Privacy and Ethics in Digital Governance on Wednesday 23 September.

Pasquale Mari from the Gemelli University Hospital explained how the PANACEA socio-technical model can enhance the ability of governments to ensure the privacy, safety and security of their citizens through both regulatory frameworks such as GDPR and ISO 27000 and self-regulatory approaches.

Regulatory Frameworks: The PANACEA model provides a taxonomy to standardise e-Health and Cybersecurity in domains spanning: 

  • Healthcare-specific Controls for essential services of cybersecurity frameworks (e.g. ISO 27001 and NIST framework), to apply EU Directive 2016/1148.
  • IPS standards, e.g. prEN 17269 Health informatics - The Patient Summary for Unscheduled, Cross-border Care; FprCEN/TS 17288 Health informatics - The International Patient Summary: Guidance for European Implementation Technical Specification. 
  • ISO/TC 215 Privacy and Security Standards, e.g. ISO/IS 27799 Information security management in health using ISO/IEC 27002.

Self-regulatory Approaches: The PANACEA model provides a standard map to: 

  • Compare cybersecurity coverage of technical and non-technical solutions offered to Healthcare (HC) organisations.
  • Describe targets of cyber-attacks, including in terms of social networks in the healthcare context.
  • Transfer lessons learned in the cybersecurity domain for healthcare organisations.
  • Speak non-technical language with non-IT top managers and staff in healthcare organisations.