The Health sector’s increasing dependence on digital information and communication infrastructures renders it vulnerable to threats to privacy and cybersecurity, especially as the theft of health data has become particularly lucrative for cyber criminals. At the same time, a breach of integrity of health data can have dramatic consequences for the patients affected. CUREX addresses comprehensively the protection of the confidentiality and integrity of health data by producing a novel, flexible and scalable situational awareness-oriented platform. It allows a healthcare provider to assess the realistic cybersecurity and privacy risks they are exposed to and suggest mathematically optimal strategies for addressing these risks with safeguards tailored specifically for each business case and application. CUREX is fully GDPR compliant by design. At its core, a decentralised architecture enhanced with a private blockchain infrastructure ensures the integrity of the risk assessment process and of all data transactions that occur between the diverse range of stakeholders involved. Crucially, CUREX expands beyond technical measures and places emphasis also on improving cyber hygiene through training and raising awareness activities for a healthcare institution’s personnel. Its validation focuses on the highly challenging condition of (cross-border) health data exchange, spanning patient cross-border mobility, remote healthcare, and data exchange for research. CUREX consortium will also utilise the outcomes of the well-known MyHealthMyData project in a dedicated demonstration that will use their blockchain-enabled platform which will control the actual data exchange. We envisage that CUREX will impact the European market developing one of the first blockchain platform for risk assessment management under the GDPR.
CUREX Platform will deliver trust-enhancing, secure, and private-by-design systems and applications by delivering specific results based on the following set of measurable objectives and key results.
- Objective 1: To deliver tools for assessing cybersecurity and privacy risks associated with health data exchange.
- Objective 2: To deliver a decision support tool for devising optimal cybersecurity and privacy safeguards.
- Objective 3: To deliver a blockchain-based platform for enhancing trust in health data exchange.
- Objective 4: To enhance cyber hygiene in healthcare organisations.
- Objective 5: To demonstrate the value of the CUREX Platform through proof-of-concept use cases.
- Objective 6: To conduct techno-economic, market and legal analysis and propose business and application models.