Currently, one of the main issues faced by the HC organisations is the lack of specific tools able to provide decision makers with concrete and actionable recommendations to i) evaluate the cybersecurity management system of the HC organisation ii) create a specific IT -security entity to govern the cybersecurity, and iii) evaluate the return on investment in cybersecurity.
The approach to the use cases was carried out relying on the analysis of the current needs tailored to each HC organisation and the subsequent explanation upon how the tools may improve their quality of work. After having gathered all the required data about risk governance and financial investment policies in cybersecurity, technical workshops were held to introduce RGT and FVMM to the attending profiles (IT, Security, Risk, Financial Manager and DPO). Moreover, the technical workshops covered the gathering of data provided by the participants after the illustration of RGT and FVMM. There was a solid improvement around the topics discussed according to the second round of questionnaires, and it was commented during the last part of the workshop.
The combined use of both the tools has shown significant improvements for HC organisation in i) evaluating the cybersecurity governance system ii) realising an innovative security-IT structure entity compliant with the significant standards; it also fills the gaps in terms of missing roles and responsibilities, processes and organisational entities iii) defining the set of actions to put in place at the main aim of increasing the compliance needs of the organisation and iv) prioritising cybersecurity investments through the definition of the C-ROI
"The tool has significant potential in my role as a Finance Officer it shows great potential and should assist and support decisions made under the National Financial Regulations when deployed
Having responsibility for IT security I see a definite advantage in the Panacea RGT. Even when the ICT structure is not formalised there are many advantages.
As a DPO (Data Protection Officer) I see many uses for the Panacea Resilience Governance Tool. I consider that for me as the Quality, Risk and Patient Safety Officer that the Panacea tools have a real application in my day-to-day activity and that the Resilience and Governance Tool has real world applications." Healthcare Cybersecurity Organization Structure Model (HCOS model)
"The improvement of our current organization in the cybersecurity domains can really take advantage from applying the organizational guidelines provided by PANACEA: it ensures that all needed roles are covered, and users of systems and medical devices are involved" Information Security Officer
Healthcare Cybersecurity Governance Tool (HCGT)
"Current control lists are long and difficult to use. I think that the maturity assessment control items identified by PANACEA are a complete and relevant set. And the graphical summary of the results is for sure a positive feature of tool." Information Security Officer
"The FVMM highlights the issues relation to Risk Governance and Cyber Return on Investment (ROI). As a senior ICT manager, it makes the case for me and supports the management team in deciding what budget should be allocated to cyber protection.
As the Finance Officer, I can appreciate and see benefits in the Panacea FVMM tool, and it allows various dimensions. The multi-dimensional data model is much easier easy to handle. Its performance is better than that relational database. I like the way the data is represented. The representation of data is better than traditional databases.
The PANACEA FVMM tool has a number of applications for me as Quality, Risk and Patient Safety Officer as it assists in balancing the conflicting budgetary demands.
In my role with responsibility for Emergency Management and Physical Security I can appreciate the potential that Panacea’s Financial Viability Multi-Dimensional Model brings to the collective decision making that a Return on Investment requires. I judge it to have good potential in use.
I like. It is a great idea: the link between investment and its impact on compliance improvement really can support decision making." Management Control Officer