Deliverable D1.5 is the final report delivered by the Project Management work package (WP1) and aims to serve as a point of reference for those who wish to learn about CUREX and its achievements over its 40-month implementation. It provides a comprehensive overview of the project’s objectives, results, impact, and gender aspects, as these developed and progressed over its course. D1.5 discusses the impact of COVID on the delivery of healthcare, two years after the pandemic outbreak. Then, it highlights the work carried out towards achieving the project objectives. Moreover, through the project’s pilot use cases, in D1.5 we present how our results are relevant to the EU strategies, initiatives, policies and legislation for eHealth and Cybersecurity, such as the eHealth Digital Service Infrastructure (eHDSI), the European Health Data Space (EHDS), and the NIS 2 directive for safeguarding critical infrastructures. Furthermore, we update the social impact questionnaire used in the Social Impact Analysis performed in D2.5, and present the results obtained during the end-user evaluation from the hospital personnel that was involved in the related activities. Finally, the deliverable provides a gender analysis on the project’s gender-activities and reached audience.
- D2.1 Use Cases and Requirements (April 2019)
This report presents the three CUREX use cases that both highlight and set the means to derive the user requirements of the CUREX platform. More specifically, firstly the different CUREX stakeholders (e.g. patients, medical professionals) are presented. Then the use cases are described along with their scenarios to be supported. A key part of the report is the collection the requirements of the stakeholders, which are obtained through standard techniques employed to extract knowledge from domain experts. These requirements will fuel next project activities regarding the system design. Then, key performance indicators (KPIs) are devised (based on the specified requirements) to create a set of measurable goals for the platform validation in subsequent project phases. In summary, the use case descriptions and the requirements specification in this deliverable trigger the CUREX agile and iterative development approach to meeting the project objectives.
- D2.2 Overall Architecture Design (November 2019)
This document aims at presenting the reference architecture that has been designed for the CUREX solution. The process to build the CUREX reference architecture followed an incremental analysis process that started from the general requirements presented in the Description of Action and continued with the use cases and requirements performed in D2.1. Deliverable D2.2 will be used by all CUREX partners as the baseline for the design and development of all CUREX components and will provide the guidelines to integrate the CUREX toolkit with the Private blockchain, the end-users and their corresponding applications, into a unified secured platform for the risk assessment of health data exchange.
- D3.1 Asset Discovery Tool (January 2020)
This document describes the design and implementation of the Asset Discovery Tool (ADT), which is part of the CUREX architecture. It presents the state of the art in the field of asset discovery and other technologies that will be used in the development, the main characteristics of the tool, its internal architecture and the detailed description of each of its components. Moreover, the document presents the ADT in the context of CUREX, its interactions with other tools and in the CUREX uses cases.
- D3.2 Knowledge Extraction Analytics (November 2019)
This document describes the conceptual and physical design and implementation of the Knowledge Extraction Analytics (KEA) component of the CUREX platform. It presents its main functionalities, the reference architectures and the constituent analytics techniques. The detailed analysis of the architecture aims to reveal all the interconnections between the KEA component and the other CUREX platform components, such as the Threat Intelligence Engine component that will eventually encompass KEA. An additional objective of this document is to design and implement specific methods for detecting threats, identifying threat patterns and predicting possible threatstailored to the CUREX setting.This deliverable plays a key role in the CUREX platform architecture, as it comprises complementary techniques for vulnerability analysis in T3.3/D3.3 (Vulnerability Discovery Manager component), through providing threat patterns. Also, the analytics performed in the context of KEA will be complemented by the work to be performed in T3.4/D3.4 (TIE component). Finally, KEA receives input from both ADT (T3.1/D3.1) and TIE. All these interactions are explained in detail.
- D3.3 Vulnerability Discovery Manager (March 2020)
This document presents definitions of the main concepts and technical aspects related to the vulnerability analysis methods and practices. It provides details on the six main phases of any vulnerability management process (preparation, scanning, discovery, analysis, remediation and verification), and presents useful and up-to-date information about the healthcare ecosystems in terms of vulnerabilities, highlighting the main risks and challenges to which healthcare organizations are currently exposed, as well as available solutions to face them.
- D3.4 Threat Intelligence Engine (May 2020)
This deliverable constitutes a report on the activities performed in the context of task T3.4, entitled “Threat Intelligence Engine”. Its purpose it to present the CUREX Threat Intelligence Engine (TIE), which is the tool responsible for delivering threat intelligence functionalities within the CUREX architecture.
- D4.1 Cypersecurity Assessment Tool (July 2020)
This document presents definitions of the main concepts and technical aspects related to the risk assessment. It provides technical details about the development of the Cybersecurity Assessment Tool (CAT), its architecture design, inputs and outputs, as well as information about the interactions of CAT with other CUREX tools. It defines the risk assessment models used in their analysis and provides information about its deployment and usage.
- D4.2 Privacy Assessment Tool (August 2020)
This deliverable describes the Privacy Assessment Tool (PAT) tool of the CUREX platform. PAT aims to provide hospitals and care centres with the appropriate privacy levels in complete alignment with the GDPR directives to protect patients’ privacy and sensitive data. PAT assesses the privacy risks based on identified vulnerabilities of the ICT assets for the infrastructure of the healthcare organisations. In this way, PAT informs the decision makers about the privacy risk levels of the data processing activities and enables them to evaluate the degree of compliance of the healthcare organisation with the GDPR. In order to highlight the competitive advantages of PAT, the deliverable presents an analysis on the most widely known privacy-oriented risk assessment standards and privacy impact assessment tools. Based on our research, a gap has been identified in the existing privacy assessment methods and tools, which is the lack of a risk scoring system that adequately considers the context of the environment for identified vulnerabilities. Thus, PAT addresses the need for a Risk Scoring System that numerically scores the effect that a potential exploitation of a vulnerability may have on users’ privacy.
- D4.3 Optimal Safeguards Tool (September 2020)
This deliverable describes the prototype of the Optimal Safeguards Tool (OST) designed and implemented in the context of the CUREX project for calculating optimal combinations of cybersecurity safeguards to protect healthcare organisations. These calculations are undertaken by the OST Core and are visualised on the OST Dashboard. The real-world safeguards selected, analysed and used in OST for the purposes of this deliverable are the Critical Internet Security (CIS) Critical Security Controls. Further, five different attack types have been selected to be mitigated by these Controls. The OST framework is equipped with capabilities for splitting a cybersecurity budget into the different controls while maximising the degree of risk mitigation. OST Core and OST Dashboard exchange data for visualisation and for executing the Core in any new scenario. The dashboard also enables the selection of prioritising safeguards derived by the Cybersecurity Assessment Tool (CAT) in CUREX.
- D4.4 Cyber Hygiene (March 2021)
This deliverable summarises the work performed with respect to Cyber Hygiene in task T4.4. In CUREX, we define Cyber Hygiene as “a set of strategies and associated measures in the form of human-centric controls for raising cybersecurity and data privacy awareness of different employee groups in healthcare organisations”. In this context, the main contribution of this task is a survey-based risk assessment methodology that aggregates the participants’ responses collected through a survey questionnaire to reveal (lower or higher) risks related to various aspects of Cyber Hygiene and provide suggestions for remediation. The questionnaire is developed to extract knowledge and assess the needs and gaps of different employee groups at healthcare organisations by means of targeted questions. Essentially, the survey provides insights about the employee cybersecurity and data privacy awareness levels.
- D5.1 Blockchain Design Specifications (November 2019)
This report presents the design specifications for CUREX’s Private Blockchain. A blockchain technology overview and a review on the current state of the art for solutions in the permissioned setting are presented first. Based on it and the results from Task 2.1 (D2.1 Use cases and requirements) the requirements for the CUREX’s Private Blockchain are then presented. Additionally, more fine-grained information from the MyHealthMyData (MHMD) blockchain is included in a separate section to assist and complement the information already presented in deliverable D2.1. The aim here is to help guide the decisions for future work on implementation and integration within both blockchains. In summary, the technology selection and rationale behind the CUREX’s Private Blockchain design are introduced.
- D5.2 Blockchain Release (September 2020)
This report presents the final architecture for the CUREX’s Private Blockchain (PrB), technical documentation for the developed components related to PrB (including the smart contracts), and general deployment guidelines of the final prototype. Furthermore, it documents the rationale behind the main technical decisions related to the implementation of the Private Blockchain as well as the use cases. It builds upon work documented in deliverable D5.1 “Blockchain design specifications” and, as such, it elaborates on subsequent work related to the refinement of functionalities relevant to each use case, and changes between the original conception of the solution and the final one. As a release report, it includes more detailed information on the smart contracts and the integration between the blockchain and other tools of the CUREX’s framework when compared to D5.1. To reflect the work done in task T5.1 "Blockchain implementation & deployment", thorough explanations are given on how the associated challenges related to use cases functionalities and stakeholders’ needs were addressed to achieve GDPR compliance.
- D5.3 End user Applications (October 2020)
This report concerns the Deliverable 5.3 “End user applications” generated in the context of Work Package 5 (Task 5.2 “Health professional & patient applications”) of the CUREX project. It focuses on reporting the end user applications of the CUREX platform, namely the HPA (Health Professional application), the PA (Patient Application) and the CVT (CUREX Visualization Tool) aiming towards helping the patient, hospital personnel and all other stakeholders in establishing a secure and GDPR compliant process for health information exchange. The report is intended to be the reference document for all development phases of the aforementioned applications. It an in-depth description of all end user components, their main parts and technical aspects related to them. It provides information on the five phases of the development lifecycle followed (requirements analysis, design, development, integration and deployment), and presents the rationale behind the key design decisions. In addition, this document details the system architecture of the first Use Case “Emergency in a foreign country” by providing information on its processes and interactions with the other CUREX components.
This document is the first report deliverable outcome of the activities of Task T5.3 “Platform Integration and Validation”. Its objective is to provide technical documentation that accompanies the first integrated release of the CUREX platform that is the software prototype of D5.4. The 1st version of the developed and tested CUREX artifacts are stored in the private CUREX registry that was deployed for the needs of the project. In this document we present detailed information of the software tools that were setup and detail the processes that were established to release the first integrated release of the CUREX platform.
This document is the final report outcome of the activities of Task T5.3 “Platform Integration and Validation”. The objective is to provide the technical documentation that accompanies the second and final integrated release of the CUREX Platform. As with the first release, the final version of the developed and tested CUREX artefacts are stored in the private CUREX registry (JFrog Container Registry) that was deployed for the needs of the project. In D5.5, we document the updates made in the CUREX Continuous Integration/Continuous Deployment environment, referring to both supporting tools and development (DEV) servers used for the deployment of the CUREX components. Detailed reporting on the CUREX Platform testing is also included in this deliverable. We describe in detail the final tests (functional and integration) executed per CUREX component, given that the tests provided with the first integrated CUREX release were partial, not covering the whole functionality of the components according to their specifications. A major update from D5.4 is that this report also describes the system-level (or end-to-end) tests of the CUREX Platform, conducted on the complete integrated system to evaluate the system's compliance with its specified requirements. System testing follows integration testing, as it takes as its input all the integrated components that have passed integration testing. The system-level tests were based on the use cases of CUREX.
- D5.6 Platform Validation Report (March 2022)
This deliverable aims at documenting the security and performance testing of the CUREX platform. This is done through a technical assessment that includes different types of tests that assess security and scalability. Static Application Security Scanning (SAST) and Docker image scanning tools were used to obtain results that assess the overall security of CUREX components based on the number and severity of detected vulnerabilities. JMeter and its accompanying plugins were used to assess the performance and scalability of the CUREX components by ensuring that no errors have been encountered during the execution of the tests for each component. Also, the steps taken for fine-tuning and overall optimisation of components have been documented. One such example is the mitigation actions for the Apache Log4j library vulnerability that became a big concern recently for everyone that has been using this library. The outcomes of the tests indicate the next steps to be taken to further optimise the individual CUREX components. In addition, challenges and lessons learnt relevant to security aspects during the deployment and testing of the CUREX platform components in the CUREX Development and Integration environment are documented in this report. Based on the aforementioned items, recommendations for the final platform refinements can be elicited, to be realised beyond the CUREX project.
- D6.4 Demonstration and evaluation report for Use Case 1 (April 2022)
- D6.5 Demonstration and evaluation report for Use Case 2 (April 2022)
- D6.6 Demonstration and evaluation report for Use Case 3 (April 2022)
Work Package 6 “CUREX Demonstrations” comprises two distinct phases of CUREX, “Planning” and “Demonstration & Evaluation”. The demonstrations were divided in three use cases (i.e., 1,2 and 3). Each use case has their corresponding planning deliverables (i.e., D6.1, D6.2, and D6.3), and the validation of the said plans have been detailed accordingly in deliverables D6.4, D6.5 and D6.6. In these reports will be addressed the demonstration and evaluation. Altogether, D6.4, D6.5 and D6.6 validate the integrated tools and objectives of CUREX.
This document presents the CUREX dissemination, standardisation and exploitation activities, conducted until the end of the project. Even though this is the third and final version of the CUREX Dissemination, Communication, Exploitation, and Standardisation deliverables covering the period M19-M40, we report on the milestones achieved throughout the project in these areas.
This deliverable explores the means to deliver CUREX innovations to the market and to support this objective. Initial work performed has been documented in early WP7 deliverables (D7.2), as well as in the final exploitation plan (D7.3). The present deliverable concludes the market analysis and roadmap for the CUREX Platform, the main exploitable result that has been delivered by the project. The present report builds upon the previous deliverables of WP7 but also of D2.3, to present the final Go-to-Market plan. Initially, the characterization of the CUREX Platform as a Whole, as a Key Exploitable Result is presented. The work documented here has been the outcome of the support received by Horizon Results Booster – Business Plan Development Service.