PANACEA

Challenge

Healthcare is increasingly evolving towards digitisation: from the development of electronic health records, of teleconsultation and tele-expertise is thriving and connected objects are on the rise. For this reason, it is evident that threats and potential damages to healthcare critical infrastructures due to cyberattacks require a fortification of the security features in the industry. Nowadays, healthcare structures are an attractive target for cybercrime because healthcare is a rich source of valuable data and its defences are weak.

PANACEA has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 826293 in order to enable healthcare facilities to assess the nature and severity of a threat, and sustainably decide to adopt strategies to strengthen their preparedness and response.

To increase the cyber security resilience of the IT infrastructure of hospitals and care centers facilities, PANACEA project will delivers people-centric cybersecurity solutions in healthcare by means of two toolkits for cyber security assessment and preparedness: the Solution Toolkit (made up of platforms, models, best practices, software applications) and the Delivery Toolkit (built on methodologies and implementation guidelines).

Approach

RINA will successfully combine its competencies in software engineering, cybersecurity, training, human factors and certification in a single multi-disciplinary team. These skills will be used in PANACEA to coordinate the technical activities dealing with:

• the development of cyber-security response analysis tool, tailored to the healthcare sector to plan and prioritize response plans with the goal of reducing cyber risks and suggesting the best countermeasure according to the context (time, asset, external conditions, technical and non-technical elements, etc.)
• the development of a security-by-design framework and solutions for eHealth applications, by designing a systemic quality assurance process focused on cloud solutions and interconnected medical devices. This process consists in the evaluation of the level of confidence of software applications to be free from vulnerabilities either intentionally designed, or accidentally coded at any time during the product life cycle, ensuring compliance to GDPR and data protection regulation
• the development of a cyber-security competency framework which provides a frame for the design of training and ongoing maintenance of skills after an analysis of the knowledge and behaviours required of healthcare staff at various levels (IT staff, Managers/ decision-makers/ Users).

Moreover, we are also responsible for PANACEA validation and covers the role of quality assurance manager, thanks to its higher engineering skills delivered in several decades of consultancy to private and public sector.

Conclusion

In conclusion, PANACEA will address the need to respond swiftly to a complex, multi-faceted cyber threat landscape, on the other hand, it will address the need for highly-skilled cybersecurity professionals to help reduce cyber risks in healthcare. In particular, the main positive impacts for the EU community will be:

• reinforce Europe’s position as a key security provider for Healthcare IT systems
• allow for a continued development and improvement of fully tailored identity management and secure data management solutions for Healthcare
• proceed with the development of new products such as Connected Object management platforms to secure connected medical devices
• accelerate its growth in the Healthcare ecosystem to attract more customers and to increase its market share with the target to reach $2bn revenues by 2020
• extend and reinforce its European network of stakeholders and decision makers.

Project Consortium

1 Università Cattolica del Sacro Cuore (UCSC) 2 Fondazione Policlinico Universitario Agostino Gemelli IRCCS (FPG) 3 RINA CONSULTING SPA Italy 4 Foundation for Research and Technology Hellas (FORTH) 5 IDEMIA Identity & Security France (IDEMIA) 6RHEA System S.A. (RHEA) 7University of Northumbria at Newcastle (UNAN) 8Aon S.p.A. Insurance & Reinsurance Brokers (AON) 9 Stelar Security Technology Law Research UG (STELAR) 10Università degli Studi di Roma “La Sapienza” (UROME) 11 Trust-IT Services Ltd (Trust-IT) 12 7th Health Region Crete (7HRC) 13 Health Service Executive (HSE) 14 Irish Centre for Emergency Management (ICEM)15Innovation Sprint Sprl (iSPRINT).