Mid-term Results are on track on delivering practical, cybersecurity services for the healthcare sector

22 Sep 2020

Sept 2020

The increasing digitisation of healthcare is helping hospitals and patients, who will benefit from faster and more efficient procedures, increasingly timely during the pandemic times we are currently living in. Moreover, this means a stronger need for cybersecurity practices, in order to guarantee the protection of data and infrastructures. PANACEA Research the EU funded project supported under the European Union’s Framework Programme, was launched back in January 2019 with the purpose of promoting a people-centric cybersecurity approach in hospitals.

The ten main project’s objectives are conceived to take into account every type of vulnerability that may occur when managing sensitive data (including the human errors) in order to guarantee holistic protection to the whole hospital system.

The project is now halfway through its three-year journey and the growing interest for stakeholders in its achievements has confirmed just how important security is in healthcare. This is even more true after the COVID-19 Pandemic, which has seen a massive increase in cyber-attacks directed to hospitals.

Trust-IT Services’ contributes to the project by making sure that the results delivered within PANACEA Research reach all the relevant stakeholders (healthcare organisation, insurance companies, healthcare associations, medical devices & applications supply, standard organisations, synergies, policy makers and regulators). Specifically, Trust-IT Services has contributed with the project’s website, already in its second iteration (including a Lookout Watch that collects information about the state of the art of cybersecurity in healthcare).

Our Lookout Watch covers global trends in cybersecurity to increase awareness of the threats facing the healthcare sector. On top of this, the Watch features research on these topics. Feel free to send us your research and other documents that can feed into the Watch, here

A detailed Communication, Dissemination and Exploitation Strategy (the second version of the Communication and Dissemination Plan is available on the PANACEA website at the following link: https://www.panacearesearch.eu/deliverables/d82-communication-and-dissemination-strategy-and-achievements-1st-version).

One of the most important milestones has been the organisations of the second End-Users’ workshop sessions taking place virtually across two weeks, from 14th to 24th of September 2020. The workshop represents is an important opportunity for the project partners to obtain direct feedback from experts in the sector. One more workshop and a final event will be organised by the End of the Project. PANACEA Research boasts its success around being a people’s project and onboarding user requirements and needs are at the heart of the evolution of the results.

One of the major results of PANACEA consists in a Toolkit, made up of two main components (Solution Toolkit and Delivery Toolkit), thought for the cybersecurity assessment and preparedness of Healthcare ICT infrastructures and connected devices. The toolkits include technological, organisational and support tools, tailored for hospitals thanks to the project’s three Use Cases

  • The Policlinico Gemelli hospital based in Rome, IT;
  • The 7th Health Region of Crete in Heraklion, GR
  •  The HSE hospital in Dublin, IE (click here to learn more about PANACEA Research Use Cases)

The specific features of the Toolkits can be combined together in order to be adapted as much as possible to the target hospital. Among these features, some that are reaching a good percentage of completeness are:

  • The Dynamic Risk Assessment Platform, whose two main functions are the support for risk analysis and the response analysis thanks to multi-dimensional attack model, used to represent the role played by human behaviours in the development of a cyber-attack.
  • The Cybersecurity Risk Governance Model, composed of the HealthCare Cybersecurity Governance Tool and the Healthcare Cybersecurity Organisation Model. Its purpose is to evaluate the Information Security Management System (ISMS) of healthcare organisations as a standard entity for cybersecurity management.
  • The Identity Management Platform, designed to secure human-to-machine and machine-to-machine authentication.
  • The Secure Information Sharing Platform designed to deliver a secure sharing support tool enabling healthcare personnel to coordinate and share healthcare information in near real time within their own organisation and with external organisations.
  • The Security-by-Design Framework, providing medical device manufacturers, health application providers and healthcare organisations (i.e. hospitals) a comprehensive workflow including processes, software solutions and links to regulations.
  • The Secure Behaviour Nudging Tool, designed to help staff responsible for encouraging cybersecure behaviours within a healthcare organisation.
  • The PANACEA Cybersecurity Education and Learning package, designed to demonstrate to all people working in Health Care Organisations how to recognise the core link between secure cyber-related behaviour and the health and well-being of HCO patients.

The results presented during the workshop sessions are also reported in the Deliverables Section of the PANACEA Research website.

The next phase of the project is geared towards finalising the Solution and Delivery Toolkit components, and to the creation of a joint Exploitation strategy, in order to join forces and maximise the impact of each single component for users to fully deploy.

The PANACEA Research partners will be presenting the project’s results in several events across the next two weeks:

  • ENISA’s Online eHealth Security Conference 2020 – September 23rd from 14 to 16 CEST
  • CONNECT University Autumn School 2020 – September 28th from 14 to 16 CEST

Moreover, a second round of the End-User workshop sessions will take place on 23rd and 24th of September across different sessions. All the events info and participation details can be found here.


Do you want to keep abreast of the latest developments in eHealth security? Subscribe to our Newsletter.