- Use Case 2a: An IoT Healthcare Platform
Most IoT devices are insufficiently protected, partly because of vulnerabilities introduced or left in place by the manufacturer, but most importantly because most of them need to transmit data over the public Internet, which exposes them to a large attack surface.
Scenario. The Department of Neurobiology, Care Sciences and Society of the Karolinska Institute (KI) has recently deployed the Interaktor service for patient outbound clinical monitoring. It uses a platform (Figure 1‑6) that operates by collecting biometric monitoring data from each patient’s environment and activity. This data is collected by an application installed on the patient’s smartphone/tablet and communicated to the medical centre for evaluation. Doctors have the ability to review aggregated reports on the patient’s data and provide patients with the appropriate feedback, in the form of a motivational coaching schedule. Recently, doctors and administrators have noticed that some installations fail to register measurements from their devices. This phenomenon concerns the institution, as it not only causes service disruption but, in the long term, may pose a threat to patient safety.
Having chosen to adopt the CUREX Platform, the institution’s chief officers decide to evaluate the situation. At the initial stage, the Asset Discovery Tool (ADT) identifies all devices and services that have direct access to health data. Next, the Vulnerability Detection Manager (VDM) creates a list of vulnerabilities (human and technical), with the aid of a vulnerability database. It also identifies possible human-related actions and habits that may result in additional risk due to social engineering attacks. In turn, the Cybersecurity Assessment Tool (CAT) provides organisation officers with adversarial models, which inform them of the possible attack surfaces, as well as possible threat profiles. The whole threat intelligence process uses machine learning and receives constant feedback from the CUREX Private Blockchain (PrB), which holds historical audit logs and transactions, including risk context information. CAT completes the assessment procedure by calculating the quantifiable cybersecurity risk of the healthcare organisation, capturing the whole data lifecycle.
The assessment methodology significantly helps the administration team to realise the inherent risk to the data and, with the aid of the Optimal Safeguards Tool (OST), they are now able to perform the required actions to mitigate the security risks accordingly. These actions are safeguards and upgrades that need to be performed to secure their systems. The organisation incorporates machine learning monitoring services for audit log analysis that will detect anomalies and visualise them for administrators.
- Use Case 2b: Risk Assessment for a POC System
Healthcare Point of Care (POC) systems have been widely used in hospitals to provide innovative solutions to medical professionals and physicians and to give them an overview of the patients’ condition in a way that makes it easier for them to respond on time and prevent critical situations. POC systems are platforms that incorporate devices and applications in order to collect, process and visualise data. Naturally, these types of platforms create an expanded attack surface, as the variety of devices and systems used have unique vulnerabilities, which may be more challenging to identify and address. As large amounts of data, which contain personally identifiable information (PII) and sensitive medical data, are communicated across various devices or sensors, backend analytical platforms, and user workstations or smartphones, it becomes evident that there are multiple threats that may cause data leakages or breach incidents. Hospitals and care centres need to address this challenge by efficiently assessing the associated risks and mitigating them with the proper cybersecurity safeguards.
Scenario. The Fundacio Privada Hospital Asil De Granollers (FPHAG) is operating the SAVAC POC platform. The platform incorporates a number of devices and applications to gather measurements and clinical data from patients treated inside the hospital and sends them to the backend information system of the hospital. These devices or applications range from simple spirometry, endoscopy or ECG devices that generate clinical reports, to more advanced applications or systems, such as mobile applications for collecting blood pressure, heart rate, temperature and oxygen saturation levels, and the Lab Information Management System, which collects and sends lab data (microbiology data, bacteriological studies etc.). In addition, the hospital uses the Qlik analytics platform, which operates directly on data collected by SAVAC and generates analytics dashboards and visualization reports for the hospital managers.
The hospital IT department has raised concerns about the cybersecurity issues that may emerge from the operation and the communication of the clinical data. Indeed, since the data contains highly sensitive PII, it must be ensured that the hospital’s information systems are properly maintained and that any vulnerabilities are identified and patched in a timely manner. Also, since the hospital has the technical capability of generating data reports and exchanging them with third parties, the platform must ensure that proper cybersecurity and privacy safeguards are in place in order to protect the integrity of the data and, most importantly, patient safety. Consequently, the hospital decides to adopt the CUREX Platform in order to address these issues immediately. The Asset Discovery Tool (ADT) gathers all information regarding technical and human resources which have a direct correlation with the SAVAC and Qlik platforms, and semantically annotates them.
The resulting ontology graph is then used by the Vulnerability Discovery Manager (VDM) to identify security vulnerabilities, utilizing vulnerability libraries and zero-day online databases, which in turn enrich the existing ontology. The threat intelligence phase employs anomaly detection procedures that can be used for detecting intrusions and malicious activities, as well as analytics to detect insider threats. The Cybersecurity Assessment Tool (CAT) receives input from the asset, vulnerability and threat intelligence tools and performs the cybersecurity-related risk analysis. The Privacy Assessment Tool (PAT), on the other hand, performs a similar analysis, but evaluates the privacy awareness level of the organisation and the platform in terms of respecting the guidelines of the GDPR. Both tools then perform a risk analysis based on the findings and the input from the organisation staff, which initially shows that, in terms of cybersecurity, the hospital operates both platforms (SAVAC & Qlik) with the proper cybersecurity awareness and readiness, except for some minor vulnerabilities that have been identified in personnel workstations. However, CAT found that personnel lack the proper awareness when operating the software and devices. The hospital managers are encouraged to strengthen the organisation’s cyber hygiene by promoting training sessions so that personnel adopt cybersecurity and privacy-preserving practices when they operate the devices and software applications of the SAVAC & Qlik platforms. Additionally, these sessions need to inform them about possible threats that aim to leverage certain human vulnerabilities (e.g. social engineering) in order to gain unauthorized access to systems and data. Also, since the hospital aims at exchanging data with third parties, additional safeguards need to be taken to ensure that data privacy is preserved according to the GDPR.
The Optimal Safeguards Tool (OST) creates visual reports based on the analysis of CAT and PAT and, using decision support algorithms, presents the hospital managers with a set of recommendations that they need to implement in order to effectively mitigate the existing risks. Finally, OST proposes a set of anonymisation and encryption techniques that need to be implemented and integrated into the existing platforms so that the hospital can exchange data without violating patient privacy, by effectively masking PII.