Public and Private Healthcare Organisations: a Socio-Technical Model for Identifying Cybersecurity Aspects.

Extended research paper (submitted February 2022): Public and private healthcare organisations: a socio-technical model for identifying cybersecurity aspects, K. Anastasopoulou, P. Mari, A. Magkanaraki, E. Spanakis, S. Magalini, M. Merialdo, V. Sakkalis, Journal of Engineering Research and Sciences (JENRS), Feb 2022

European Healthcare organisations have met growing common challenges. Health services have been identified at EU level as essential for the maintenance of critical societal and/or economic activities. Furthermore, patient safety and personal data are at risk in daily operations. ICT penetration and the increasing connectivity of devices within a healthcare organisation inevitably lead to a growing dependency on them. Therefore, a solid, cybersecurity prevention strategy is needed. Solidity depends on its capability to capture the Health Services specificities.

The article describes a socio-technical modelling approach, set-up by the H2020 PANACEA project, based on four models (Healthcare Organization (HCOM), Medical Device Lifecycle, Information System Lifecycle, Cybersecurity system). The proposed models can identify cybersecurity aspects, map cybersecurity interventions, and compare cybersecurity solutions for the Healthcare organisations, which, by default, constitute large and complicated structured organisations. Focusing on the HCOM model, this paper presents a methodological tool for identifying the socio-technical structure (technical and nontechnical) of a healthcare organisation from the cybersecurity perspective, thus delivering a valuable tool for both public and private healthcare organisations.