Critical Healthcare Assets to be protected by SPHINX
Much like many other critical infrastructures, Healthcare Sector comprises several human and technological capital which is essential for its function. Subsequently, in such capital a series of critical assets can be recognised. In the context of cybersecurity, assets represent any resource that is worth protecting, for example data, components, functionality, services, people or physical resources.
Based on SPHINX development, the critical healthcare assets, which are taken into account, are the following:
Healthcare information systems: the digital administrative and clinical systems, applications and services supporting the activity of the healthcare service provider, both stored locally and accessed remotely (for example, national healthcare databases), including the Administrative and Billing System, the Building Management System (BMS), the Patient Admission System, the Remote Patient Monitoring System, the Telemedicine System, the Laboratory Information System (LIS), the Radiology Information Systems, the Picture Archiving and Communication Systems (PACS), the Electronic Health Records (EHR)and the ePrescription service;
Healthcare data repositories: the different databases in each healthcare service provider where information is stored locally;
Identification system: the system used to perform authentication of users, including patients and staff, and of equipment (e.g., beds);
Networked medical devices: a set of medical equipment integrated in the healthcare service provider’s IT network to support the delivery of care;
Mobile user devices: a set of user devices (tablets, smartphones, wearables) interacting with the healthcare service provider’s IT network to ensure the creation of new points of care (e.g., at home) and that the right information is available at the right place at the right time and to facilitate the mobility of staff and patients;
IT and networking equipment: infrastructure components enabling access to healthcare information systems (e.g., desktop computers and servers) and providing the connectivity backbone that connects them (e.g., routers and gateways);
Healthcare data: the informational resources at the centre of all medical decision-making processes to support high-quality healthcare services;
Buildings and facilities: the physical resources that are critical for the operation of the healthcare service provider, including the servers and data centre.
More information about the critical assets of Healthcare Sector can be found in Deliverble 2.4 which is publicly available here.