Periodic Reporting for period 2 - CUREX (seCUre and pRivate hEalth data eXchange)
Reporting period: 2020-06-01 to 2022-03-31
CUREX addresses the emerging needs of the domain by proposing a risk-based cybersecurity framework that takes into consideration the hospital workflows, as well as the ubiquity of medical devices in care settings. CUREX aims at protecting the health data handled by hospitals from the risks that are propagated all the way from the security gaps in their IT infrastructure by implementing a risk-based approach, performing continuous cybersecurity and privacy risk assessments based on the reported assets, vulnerabilities, and real-time detection of imminent threats. CUREX also offers optimal recommendations for cyber risk mitigations in the form of a decision support tool. Overall, the CUREX Platform encompasses a suite of tools establishing trust between healthcare organisations to accommodate the necessity of exchanging data in a fully GDPR-compliant manner. By capitalising on existing distributed ledger and health technological artifacts, CUREX ensures the accountability and auditability of all transactions between hospitals and care centres. Finally, taking into account the human factor, it improves the cyber hygiene culture among personnel through identifying employee group-specific gaps and needs with regard to raising cybersecurity and data privacy awareness.
(I) Asset and vulnerability discovery, to discover system assets (e.g. components, services, applications, ports, OS) and any information related to their associated vulnerabilities.
(II) Threat intelligence tools that apply advanced machine learning algorithms and artificial intelligence techniques for the real-time detection of abnormal behaviours of users and devices, as well as anomalies in the data, in order to identify new and unknown threats.
(III) Qualitative cybersecurity and privacy risk assessments, to evaluate the risk levels of the organisation based on the vulnerabilities identified in the infrastructure.
(IV) Recommendation of optimal safeguard strategies to mitigate the identified risks based on multiple factors (such as purchase and implementation cost and the provided security benefits) and reduce risk to acceptable levels.
(V) A decentralized blockchain network to publish the different outputs and the transaction history to ensure the integrity, accountability, traceability, and auditability of the complete process.
Moreover, as CUREX proposes a holistic and GDPR-compliant risk management approach for healthcare organisations, it cannot afford to disregard the significant role end-users play in the security equation. Therefore, going beyond the technical means, user training and awareness strategies have been included as part of the CUREX cyber hygiene framework to strengthen the healthcare organisations’ defences against social attacks.
CUREX’s results have demonstrated a very strong research potential, inspiring in total 24 scientific publications in prestigious journals and venues. Furthermore, the project’s developments have been presented in 29 events, reaching a diverse and very wide spectrum of stakeholders (from citizens/patients to policy makers) beyond the scientific community.
Overall, the CUREX Platform provides innovative solutions to healthcare organisations’ challenging efforts in preserving their cybersecurity safeguards. Its market potential is indisputable, as it presents a Unique Value Proposition which is based on an integrated system that combines all CUREX state-of-the-art components. With the use of various market prospects and tools, consortium partners were able to identify the roadmap to sustainability against competitors, adaptability from potential customers, and evolution of the CUREX platform as a novel solution offered to the healthcare security sector. There is a strong commercialisation potential that derives from efforts placed in analysing market access and formulating a concise business plan. With an explicit knowledge of the factors that shape the CUREX market adoption and evolution trends, contributing partners are able to pursue this path of commercialisation and bring this novel service to the market. The market dynamics and competitive framework of the EU market environment, which is the initial target market, pose both opportunities and restraints that the CUREX platform addresses through an intuitive go-to-market plan, coupled with an innovative pricing policy.
Finally, it is worth mentioning that the social impact assessment performed for the project showed that end-users acknowledge its multidimensional impact, being very vocal on their perceptions regarding CUREX’s contribution to the global effort to reinforce the critical healthcare infrastructures, raising at the same time the interesting and very significant issues of secure and private health data exchange for both primary (cross-border healthcare services) and secondary (data sharing for research, innovation, etc.) use of data. Overall, the CUREX project positively affects the related industry from a social, technological and economic perspective, by providing a novel and solid solution to the emerging cybersecurity and data privacy needs of the healthcare domain.