Use Case 3

Securing Healthcare: Cybersecurity Measures for Resilient Digital Identities

COMPANY INFO: IDENTITY, ACTIVITIES & OBJECTIVES

The Hospital do Espírito Santo Évora (HES) in Evora, Portugal, serves as the primary and largest healthcare facility in the Alentejo region, attending to a population of 498.804 individuals. Aligned with the Internal Health Network managed by the Ministry of Health Services, HESE recognizes the critical need for cybersecurity in the healthcare sector. Emphasizing the importance of resilient secure digital identities, the hospital strives to protect both patient health and sensitive medical data from potential breaches, acknowledging the risks posed by cybercriminals aiming to exploit and sell personal information in the evolving landscape of healthcare security.

EXISTING WORK IN THE DOMAIN OF THE PROJECT

Regarding privacy-preserving technologies in healthcare, there is a growing emphasis on leveraging advanced cryptographic techniques, such as homomorphic encryption and secure multiparty computation, to ensure the confidentiality of sensitive patient information. These methods enable data analysis without the need to expose raw patient data, thereby striking a balance between the need for information sharing and individual privacy. Digital identity management in healthcare has seen significant advancements through the adoption of federated identity systems, where a patient’s identity can be securely authenticated across different healthcare institutions. Biometric authentication, such as fingerprint or facial recognition, is increasingly integrated for patient identification, enhancing both security and user experience. Additionally, there is a trend towards patient-centric identity management, empowering individuals to have more control over their health data. Role-based access controls and attribute-based access control models are being employed to ensure that only authorized personnel can access specific patient records, aligning with the principles of least privilege. These state-of-the-art practices collectively contribute to creating a secure and privacy-preserving healthcare ecosystem.

GAPS IN THE MARKET

In the dynamic landscape of healthcare technology, several critical gaps persist such as interoperability challenges and the integration of healthcare systems with identity management solutions across providers, demanding novel approaches for efficient data flow. The evolution of cyber threats necessitates comprehensive privacy-preserving solutions capable of proactively countering emerging risks. An emerging need for patient-centric identity management emphasizes the market demand for systems empowering individuals to control their health data securely. The absence of standardized digital identity protocols in healthcare calls for universally accepted frameworks to ensure secure verification across platforms. Increasing cyber threats underline the market gap for specialized tools conducting regular cybersecurity resilience testing, particularly in identity management systems. Affordability and scalability issues present an opportunity for solutions providing scalable and cost-effective identity management, catering especially to smaller healthcare organizations. The establishment of a centralized digital system through a Health Information System (HIS) not only ensures the secure storage of patient health records but also highlights the significance of accurate and reliable digital identities for patient authentication and authorization.

Within the RECITALS project, the HES Test Environment plays a crucial role in piloting innovative solutions for privacy-preserving technologies. It facilitates the testing and validation of methodologies and technologies proposed by the RECITALS project, ensuring their effectiveness in a healthcare context. The HIS/EHR serves as a centralized digital system, storing patient health records, and interfaces with the Laboratory Information System (LIS) and the Picture Archiving and Communication System (PACS) to integrate laboratory results and medical images directly within the patient’s electronic health record. LIS manages laboratory test results, ensuring accuracy and efficiency in diagnostic testing. PACS handles the storage and retrieval of medical imaging data, providing seamless access to healthcare providers.

DATA, DATA MANAGEMENT PROCESSES & DATA TO BE USED IN RECITALS TASKS

HES plays a critical role in the RECITALS project by generating synthetic data through a dedicated testbed that mirrors the operational environment of HES and associated healthcare assets. In this testbed, dynamic datasets including user, infrastructure, and control plane data are specifically tailored to the contextual scenario envisioned for the Use-Case. This controlled and realistic environment ensures that the project can rigorously test digital identity management innovations in the healthcare sector. To address platform integration, each Use-Case will define its unique requirements, and the synthetic data will be aligned with the technical and operational specifications to ensure seamless integration of the RECITALS platform. This will allow the project to demonstrate and test digital identity management innovations in the healthcare sector. RECITALS’ Cryptography and Anonymization Manager will facilitate the sharing of research data through the European Health Data Space (EHDS) in a secure and privacy- preserving way that facilitates medical research and the development of new therapies. Apart from raw data, this use case will also share refined, processed data that are produced through RECITALS’ modules for privacy-preserving data analytics, federated learning etc. This will be accomplished through the interoperability of EHDS, which allows for seamless data exchange across diverse systems and formats. RECITALS is designed as a modular system, meaning its core components (such as identity management, privacy-preserving analytics, and compliance modules) can be integrated into existing HES workflows and IT infrastructure. This modularity allows for flexibility and ease of integration depending on the data-sharing and privacy requirements of each HES application. The integration will involve rigorous testing of RECITALS modules within the synthetic environment to ensure compatibility, data accuracy, security, and performance.

RECITALS GOALS FOR USE CASE 3

With respect to identity management of HES environment and external collaborators, the goal of this use case is:

  1. To conduct cybersecurity resilience testing particularly in identity management system and domain controller achieving a 95% success rate in threat detection and mitigation during simulated attacks.
  2. To implement advanced cryptographic techniques with implementation across 100% of HES data-sharing processes
  3. To integrate the HIS/EHR with RECITALS achieving at least 90% system interoperability with no data loss or errors during testing.
  4. To detect and respond to 98% of cyber threats in under 5 seconds, preventing unauthorized access to healthcare systems.
  5. To use behavioral analytics to monitor user activities and detect potential insider threats by identifying anomalous behavior patterns with 95% detection of insider threats.
PARTNERS INVOLVED

NKUA, TUD, UPC, PDM, LUH, DCU