Periodic Reporting for period 1 - ProTego (Data-protection toolkit reducing risks in hospitals and care centers)
Reporting period: 2019-01-01 to 2020-06-30
• Holistic approach to protect data from EHR against cyber risks generated by remote devices access, agnostic to health care IT infrastructure
• Improve situational awareness during an attack
• Protect sensitive data inside the hospital infrastructure and at the boundary between hospitals and BYOD/IoT domains
• Cybersecurity solutions for ePHI protection released as integrated toolkit
• Provision of an Educational framework: Methodologies and protocols for the correct usage of cyber-security tools, for attacks prevention and reaction to be used by health sector staff (IT and physicians) and patients
• Validate in scenarios involving emerging technologies in health care informatics: IoT and BYOD
In order to achieve these objectives and to provide the technical solution proposed in the ProTego toolkit and to complement it with the educational framework, research is necessary in the following areas:
• Design time risk analysis for the application operating in its intended environment
• Run-time security monitoring and threat responses
• Data protection using advanced encryption and (where appropriate) hardware-enabled secure enclaves
• Secure bootstrapping and management of secure network communication
• Understanding the complexity of the application of cybersecurity technologies and techniques
In order to demonstrate these research and technical results, demonstrations of all types, from lab experiments to field trials in real environments, the toolkit will be integrated into the information systems of two hospitals:
• Marina Salud in Denia (SP)
• Ospedale San Raffaele in Milan (IT)
The collaborative work environment that has been the backbone of the project has been implemented.
The protocols for the ethical conduct of research in ProTego were designed and documented.
ProTego focused on the specification of the business requirements, scenarios and use cases of the ProTego platform, as well as identifying metrics for assessing the appropriateness of the achieved solution.
ProTego has worked as well, in the requirement elicitation of different stakeholders and that work has produced as result the definition of the Pocket EHR functional scenario.
In addition, it is aligned to one of the main topics described in the DoA, which is “Security for cloud solutions supporting healthcare services”.
ProTego contributed to the capture of technical requirements for a demonstration platform. The use of risk assessment was covered in storyboards describing the scenarios, including the role of AI.
ProTego has set the scope of the educational framework.
It has also been developed an initial version of the SSM model for the designed use case.
ProTego delivered an online training webinar for SSM.
Integration between SSM and SIEM, including understanding the requirements and the architecture for achieving this integration, and a first implementation of a microservice to mediate between them.
ProTego developed a SIEM from scratch by putting together open source components that provide specific functionality relevant from the security point of view.
ProTego made significant progress on its work in Apache Parquet Modular Encryption (PME), advancing PME technology.
Additionally, research in preventing the leakage of data in a workflow due to external network connections was done.
A modular Access Control Framework has been designed and implemented. It currently supports two Identity and Access Management systems that are in place at the hospitals, KeyCloak and Amazon Cognito.
A key agreement solution for Implantable Medical Devices and similar medical IoT devices has been designed.
A smartphone continuous authentication architecture was designed.
ProTego has designed and implemented a network slicing solution for ProTego to add an extra security layer and isolate network resources from different devices and services.
ProTego has supported the integration between the component of the Data Gateway and the Access Control Framework with the use of Helm templates.
The consortium contributed to the ProTego framework architecture, using SSM as a web service with a microservice to mediate access to this from the SIEM system. This included descriptions for the interaction model and specification of the APIs for both services.
Information about current infrastructures and information systems was compiled from the two hospitals that take part in the project.
All components were tested in an isolated way.
If has been also analysed the possibilities to introduce improvements to the current IO(M)T in use in hospitals by analysing more than ten different devices from different vendors.
ProTego has deployed and tested the first versions of Data Gateway, parquet encrypted files and Access Control elements.
ProTego provided support for the set-up of initial experiments and contributed to preliminary demos for the use of SSM risk assessment based on the envisaged validation scenarios (FoodCoach and PocketEHR).
Multiple activities with respect to the utilization of the project results have been carried out. In the beginning of the project, the project's social media communication channel and the public website have been launched. The ProTego has committed itself to publish at least 1 blog post per month on the project website.
An Ethics advisory board comprising experts in the relevant ethics and data protection domain will provide advice and support to the project management.
ProTego contributes to advancing the state of the art by providing a real-world case study (FoodCoach)
ProTego project has also developed the Risk Awareness Profile tool, as a novel and a feasible tool to elicit the impact of performed educational actions.
ProTego’s work has advanced the state of the art in model based risk assessment
Work started on scientific papers for the first two of these innovations but has now paused while we collect data from validation experiments.
The third innovation is really an enabling step for the development of novel algorithms for run-time risk monitoring and situational awareness.
ProTego has worked in narrow collaboration to provide progress in the Risk Assessment area by providing the tools that allow the dynamic recalculation of risk in an automated way, based on the vulnerabilities found on the monitored systems that are defined by the models designed.
The development of Parquet Modular Encryption is advancing the state of the art in protection for data-at-rest. This has tremendous potential for socio-economic impact, and has already entered some partners’ product lines.
ProTego has also contributed to the knowledge is the modular architecture for mobile continuous authentication that provides BYOD security.
We have progressed beyond the state of the art in deployment and integration of novel software components in a research and innovation action.