This cyberwatching.eu webinar in December 2020 brought together three Horizon 2020 projects working on new security- and privacy-by-design solutions for healthcare: PANACEA, DEFeND and PAPAYA. The webinar is the outcome of a clustering activity on cybersecurity and healthcare coordinated by cyberwatching.eu. DEFeND (Data Governance for Supporting GDPR) provides an innovative data privacy governance platform; PAPAYA (Platform for Privacy Preserving Data Analytics) is developing privacy-by-design solutions and a dedicated platform for data analytics tasks outsourced to untrusted data processors; and PANACEA (Protection and Privacy of Hospital and Health Infrastructures with Smart Cyber Security and Cyber Threat Toolkit for Data and People) enables all healthcare actors to easily run conformity and engineering assessments.
Dr Med. Sabina Magalini, senior surgeon at the Gemelli University Polyclinic, highlighted the urgent need for security- and privacy-by-design solutions in healthcare, given that IT systems are mission critical yet hospitals are still vulnerable and poorly protected.
COVID-19 has brought attention to the real need for security- and privacy-by-design approaches to respond to the shift towards telemonitoring and remote working, the recruitment of new staff, fast deployment of ad-hoc IT solutions and the use of temporary healthcare sites, all of which raise cybersecurity and compliance concerns.
The post-COVID-19 pandemic era must be an opportunity to renew these systems with radically new ways to replace or upgrade obsolete IT assets that are no longer fit for purpose, prioritising investments in security- and privacy-by-design approaches. The European Recovery Plan and new priorities on cybersecurity could be important levers for boosting investments in digital health and telemedicine, including methods and tools for assessing the security and privacy of IT platforms to deal with the pandemic and systems to tele-transmit data. However, these investments are an opportunity to reduce cyber risk if and only if security- and privacy-by-design approaches are prioritised for adoption by all parties involved.
PANACEA led the mapping of DEFeND, PANACEA and PAPAYA in terms of targeted regulatory compliance, spanning the GDPR (EU) 2016/679; Directive (EU) 2016/1148 (NIS) concerning measures for a high common level of security of network and information systems across the Union; the Medical Device Regulation (EU) 2017/745, taking effect from May 2021; and the Cyber Act Regulation (EU) 2019/881.
Martina Bossini Baroggi from RINA presented PANACEA’s security-by-design framework in the context of healthcare, where cyber awareness is extremely low, calling for a programmatic approach to detecting, mitigating and remediating cyber risks.
The Framework comprises two solutions:
cyberwatching.eu webinar recording. Dr Med. Sabina Magalini, FPG: 09:11-21:33. Martina Bossini Baroggi, RINA: 1:19-1:31