Challenge
The increasing interconnection of technology in healthcare between devices at the physical and cyber levels has transformed these infrastructures into large Health Care Information Infrastructures. These are considered critical due to their importance for people’s well-being and safety. On the other hand, the evolving digital inter-connectivity has changed the threat landscape, producing a wide range of security and privacy challenges. The integrated nature introduces new potential entry points for cybersecurity risks. Thus, there is an urgent need for the health operators to protect their HCIIs. Efficient situational awareness, incident handling and risk assessment is an important step to acquiring a thorough and common understanding of cyber-attack situations, and is necessary to timely reveal security events and data breaches occurring into HCIIs. Consequently, analysis of incident information is crucial in attempting to detect the presence of a threat, within HCIIs, that has already been detected in other interdependent systems within the same ecosystem.
Objectives
AI4HEALTHSEC proposes a state of the art solution that improves the detection and analysis of cyber-attacks and threats on HCIIs. It increases the knowledge on the current cyber security and privacy risks. Additionally, AI4HEALTHSEC builds risk awareness, within the digital Healthcare ecosystem and among the involved Health operators, to enhance their insight into their Healthcare ICT infrastructures and provides them with capability to react in case of security and privacy breaches. Last but not least AI4HEALTHSEC fosters the exchange of reliable and trusted incident-related information, among ICT systems and entities composing the HCIIs without revealing sensitive corporate details.
Our Role
Privanova leads all compliance aspects of the project: Privacy, Data Protection and Research Ethics. Practically, our job is to guide the consortium towards legal and ethics compliance, to help the consortium partners implement the data protection principles and provisions and to ensure we respect all Ethics Requirements. This covers all phases of the project, from requirements identification to research, but is particularly important for our pilots, trials and testing. We facilitate the development of a solution for sharing, computing and extracting the desired value out of personal data, in a privacy-friendly way. To this end, Privanova will lead task T1.6 “Ethical, Privacy, GDPR Compliance and Security Coordinations”. Besides, we also lead task T2.2 “Basis of Legal and Ethical Requirements” in order to provide for the generally applicable legal frameworks with particular emphasis on the application and implementation of the General Data Protection Regulation. Finally, Privanova leads the legal validation of the project by assessing the integration of all identified requirements in the course of developing the AI4HEALTHSEC project in task T7.5 “Legal and ethical implementation, oversight and evaluation” and contributes to dissemination and exploitation activities in WP8.
This project has received funding from the European Union’s Horizon 2020 research and Innovation programme under grant agreement N°883273. All information on this website reflects only the authors’ view. The Agency and the Commission are not responsible for any use that may be made of the information this website contains.
Privanova