Data-Protection Toolkit Reducing Risks in Hospitals and Care Centres
Secure Society, Health & Wellbeing
Cybersecurity is a challenge for healthcare, an essential service that uses a vast amount of sensitive personal data. The average healthcare organisation spends more than EUR 1 million to recover from an attack. A rise in cybersecurity breaches in healthcare organisations is compromising patient privacy and posing a danger to patient safety. For instance, wireless medical devices may be hacked by cybercriminals to harm a patient. Electronic Health Record (EHR) data is some of the most sensitive personal data currently in regular use, making it an attractive target for cybercriminals and ransomware attacks. Under the recent GDPR regulations, health data must therefore be secured in restrictive and prescriptive ways to ensure its security and integrity. However, as the medical industry becomes increasingly automated, collaborative and interoperable, health data is generated through Internet of Things (IoT) systems and shared via Cloud services and 5G networks with multiple stakeholders throughout the profession. This creates the potential for considerable risk and GDPR non-compliance.
The EU-funded ProTego project will develop a toolkit for healthcare organisations to better assess and reduce cybersecurity risks related to remote devices’ access to electronic health record data. It will introduce three main advances over current approaches: extensive use of machine intelligence, advanced data protection measures and innovation protocols for stakeholder education.
To create an end-to-end cybersecurity risk framework and education programme
To improve situational awareness during a cyberattack
To protect EHR data inside the hospital infrastructure and at the boundary between the hospital and IoT devices (such as a patient’s Continuous Glucose Monitoring device or a Fitband)
IT Innovation leads the work on intelligent cybersecurity risk assessment using the System Security Modeller (SSM), to enable rigorous design-time risk assessment and provide mitigation strategies
IT Innovation will develop the Knowledge Base of security threats and mitigations for the medical domain, which informs risk assessment in both design-time and run-time scenarios
The FogProtect project is a 36-month project funded by the EC H2020 framework programme.
This project has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 826284.