
A SECURE HEALTHCARE ENVIRONMENT FOR INFORMATICS RESILIENCE

Periodic Reporting for period 1 - HEIR (A SECURE HEALTHCARE ENVIRONMENT FOR INFORMATICS RESILIENCE)

Reporting period: 2020-09-01 to 2022-02-28

The healthcare environment is increasingly under pressure from cyberattacks, which have demonstrated their capability to significantly disrupt hospital operations. Yet the attacks described to date are of a relatively low technological level. This demonstrates the need to significantly improve the cybersecurity level of medical environments.
To this effect, the project is developing several technological components.
The first one, the threat hunting framework, consists of integrating multiple technologies for protecting IT infrastructures, assessing risk, and detecting ongoing malicious activity. These technologies for detecting and scanning systems are embedded into a single client that can be easily deployed and managed in hospital environments. Their output is consolidated into a single graphical user interface and a set of synthetic values, the RAMA score.
The second one, the privacy-aware framework, controls access to data. It creates a safe enclosure for data manipulation, where data providers can specify how their data can be used, and where data requesters need to specify a purpose. The data returned then matches the purpose with the authorizations provided by the users.
Finally, the third component is the observatory. It aggregates data from multiple hospitals in order to provide a regulatory authority (a region, a state, a national cybersecurity agency) with a general overview of the cybersecurity state of the sector. This view also highlights the most important issues that could be addressed by these authorities, for example by issuing recommendations to the sector.
The project has developed and integrated several components, following two cycles of development.
During the first cycle, the project defined the architecture of its platforms and developed the HEIR Minimum Viable Product (MVP), the initial version of the platforms. These platforms include 1) the HEIR agents, deployed in the hospital environment; 2) the HEIR client, integrating multiple cybersecurity functions and consolidating their output in the first layer GUI and RAMA score; and 3) the HEIR second layer aggregators and GUI, aggregating information from multiple environments.
During the second cycle, the project delivered an update to the MVP, providing the first complete HEIR version of all the components. These components have been deployed in two use cases, and further deployment in the two other use cases is being worked on.
The project has provided the following progress beyond the state of the art:
• The development of the RAMA score, a framework for risk assessment in medical environments. This provides a consolidated view of the risk, and is supported by the integration of multiple cybersecurity tools in a single consolidated user interface.
• Mechanisms for aggregating data from multiple environments in a privacy-preserving manner, ensuring that hospital managers and regulatory authorities are better equipped to monitor and react to cybersecurity risks.
• A privacy-aware framework for managing access to medical data, ensuring privacy-friendly operations on medical data according to patient and researcher needs.