PANACEA

Hospitals are becoming the frequent target of cyber-attacks, with very serious consequences in terms of both data leakage and business continuity coupled with potentially very high economic costs. This is where PANACEA comes into play as an integrated solution for cybersecurity in healthcare combining a complementary set of tools focused on people, processes and technology. 

Transferring research and innovation results through the PANACEA Healthcare Cyber Security Advisory Service (PHCAS) as a virtual organisation is a clear sign that in 2022 we are ready to take this integrated solution to market to support healthcare organisations in implementing their adoption roadmaps and investment plans by with a spectrum of measures to build their cyber resilience.  

This integrated solution comprises diverse tools for people, processes and technology specialists:

• Human-centric tools: Secure Behaviours Nudging Tool; Secure Behaviour Education and Learning Package.
• Processes and people: Resilience Governance and Financial Viability Multi-Dimensional Model to support decision-making on cybersecurity. 
• Technical solutions: Dynamic Risk Management Platform; a Secure Information Sharing Platform, a Secure Design Support Platform with a Secure Design Support Platform and a Compliance Tool; a twofold approach to Identity Management Platform - human to machine and machine to machine. 

Who is the PANACEA Toolkit for?

The tools target diverse decision makers and professionals working in healthcare. 

• Secure Behaviours Nudging Tool: Hospitals and other Healthcare providers. Managers in charge of managing staff behaviour and education as well as Information Technology Managers, Information Security Officers, Risk Managers. 
• Secure Behaviour Education and Learning Package: All staff members of healthcare organisations (managers, clinicians, administrators and support staff: contractors, sub-contractors, casual workers and individuals working on site temporarily. Managers in charge of managing staff behaviour and education, Information Technology Managers, Information Security Officers, Risk Managers, Physical Security Managers and Supervisors
• Resilience Governance and Financial Viability Multi-Dimensional Model: An innovative approach to cybersecurity investment planning and implementation in healthcare for personnel in healthcare, spanning Information Technology Managers, Information Security Officers, Risk Managers, Data Protection Officers, top managers in hospitals and other healthcare providers, Financial Managers, Public Health Managers/Authorities.
• Dynamic Risk Management Platform: Information Technology Managers, Information Security Officers, Risk Managers. 
• Secure Information Sharing Platform: Information Technology Managers, Information Security Officers, Data Protection Officers, Public Health Managers/Authority, Medical Staff involved in clinical information sharing. 
• Security by Design Framework - Secure Design Support Platform: Medical Device Manufacturers/Developers, Information systems Providers/Developers, Project managers, Medical devices Product managers, Clinical Engineering Dept. Officers, Information Technology Managers, Information Security Officers, Quality and regulatory affairs dpt./officers.
• Security by Design Framework - Compliance Support Tool:  Medical Device Manufacturers/Developers, Information systems Providers/Developers, Project managers, Medical devices Product managers, Clinical Engineering Dept. Officers, Information Technology Managers, Information Security Officers, Quality and regulatory affairs dpt./officers.
• Identity Management Platform Human-2-Machine: Device providers, hospital ICT, electronic Health record vendors, governmental markets linked to the ministry of health to manage at the regional or local level health records.
• Identity Management Platform Machine-2-Machine: Healthentia – Qtrobot secure integration: Information Technology Managers, Information Security Officers, Medical Device Manufacturers, Clinical Engineering Department Officers, Managers of Nurse and Medical Staff.

How do end-users benefit?

• The Secure Behaviour Nudging Tool gives users a solution that complements technology and policy approaches by addressing real human behaviours which are impacting cybersecurity, using a theory driven approach to identify the underlying reasons for the behaviours,  barriers to change and how to tackle them. 
• The Secure Behaviour Education and Learning package is designed to show to all people who work in healthcare organisations the close relationship between secure cyber-related behaviour and practices and the health and well-being of patients. It complements the technical tools by stimulating behaviour change by educating staff on the importance of individual behaviour in creating a secure cyber environment for them and their patients. 
• Resilience Governance and Financial Viability Multi-Dimensional Model: The models help hospitals in setting up a security governance assessment capability, with guided analysis, organisation design and training on how to use the controls’ list and financial tool.
• Dynamic Risk Management Platform: uniquely combining technical, human and business-related vulnerabilities when computing possible complex attack paths. 
• Secure Information Sharing Platform: Supporting the sharing of customisable types of data (including data of big size, such as hi-res images), in full support of GDPR, and with a full suite of supporting certificates and encrypted communications.
• Secure Information Sharing Platform:creates federations of tenants, spanning multiple countries and multiple organisations. Distributed and centralised deployment models are available. It can support the sharing of customisable types of data (including data of big size, such as hi-res images), in full support of GDPR. Security is also taken into consideration, with a full suite of supporting certificates and encrypted communications. 
• Security by Design Framework - Secure Design Support Platform: Besides performing ‘traditional’ risk assessment, the tool can also import system requirements, design elements and trace them to the risk assessment iterations. It can also be tailored to specific sectors to better support system and device development, like medical devices.
• Security by Design Framework - Compliance Support Tool: designed both for conformity and risk assessment  in healthcare organisations, supporting medical device manufacturers during the entire medical device lifecycle. Checklists are extracted from the analysis of several European regulations relevant to cybersecurity and the healthcare sector. The Compliance Support Tool ensures users of Security-by-design Framework are aligned with the ENISA guidelines for the analysis of potential candidates of certification schemes.
• The Human-to-Machine identity management platform is an access control solution that is easy to use, suitable for workstations / devices shared across many users, secure, affordable, easy to integrate into the existing IT infrastructure, and GDPR compliant. 
• The machine-to-machine identity management platform enables the secure collection of reported patient outcomes using a natural interface suitable for certain niche patient groups.