SPHINX (A Universal Cyber Security Toolkit for Health-Care Industry), an Horizon2020 Research and Innovation funded project, organized its first on July 10th 2019 at Brussels.
Hosted by Vrije Universiteit Brussel (VUB), the workshop counted, among its speakers, with the participation of ENISA, the European Union Agency for Cybersecurity, SANTHEA, a professional employer association in the health sector in Wallonia Brussels and representatives of other EU-funded projects such as PANACEA, CUREX and SafeCare, as well as several SPHINX project partners, including three healthcare providers from three different European countries (Portugal, Greece, Romania).
The workshop, divided in four thematic sessions, started with presentations by representatives of the Health Care providers partners of SPHINX (5th Regional Authority of Greece, Hospital do Espírito do Santo, Hospital de Évora and Polaris Medical) focusing on the topic of the required improvements in security needed in health care services, data and infrastructures. The key questions addressed in this session were: What violations have occurred? How are risks evolving? Which Hospital processes /systems are more vulnerable to cyber attacks?
The workshop concluded with a very lively exchange of experiences between several research projects funded by the European Union Horizon 2020 program under the call H2020-SC1-FA-DTS-2018-2020 (Trusted digital solutions and Cybersecurity in Health and Care), namely PANACEA, CUREX and SafeCare.
From the SPHINX project, Marco Manso from EDGENEERING, Portugal, presented the initial results of the SPHINX project with respect to the identification of cybersecurity challenges for the healthcare service and health solution providers in today's digital transformation in healthcare context.
The presentation, named "Application Scenarios and Use Cases for SPHINX", presented the five main application scenarios considered in the project: digital transformation in healthcare, eHealth and mHealth services and healthcare information sharing, both inter-organizations and cross-border environments.
These application scenarios were then brought to life through by description of two specific use cases, selected from a set of more than twenty that the SPHINX partners already created.
One of the use cases - "Attacking Obsolete Operating Systems" - described a cyber incident that exploited vulnerabilities in outdated IT systems used in hospitals with the sole purpose of disrupting the Institution's operations. The second use case - "Exploiting Medical Equipment to Steal Exams Results" - addressed a cyber incident exploiting a vulnerability in a medical device with the intention to steal patient data, while also affecting the reputation of the clinic and of the device manufacturer involved.
These use cases are representatives of the pilot cases to be developed in SPHINX in Portugal, Romania and Greece. Marco Manso's presentation ended with an overview into the three pilot experiments planned for 2020.
TECNALIA will enable a Blockchain Threat Registry for securing the health ecosystem from the home to hospital ensuring that if an attack occurs in a node of the health ecosystem the rest of stakeholders are informed and can act before they are attack. At the same time this Blockchain Threat Registry can use for auditing purposes.