Synergy Workshop on Cyber Hygiene: Aftermath

On Thursday, April 15, 2021, at 14:00 CEST, the Horizon 2020 project CUREX hosted the online workshop “Human-Centric Cyber Hygiene in Healthcare”. The event was a synergy co-organised by the CUREX, PANACEA, ProTego, ASCLEPIOS, and SPHINX projects.

The scope focused on Cyber Hygiene, and especially on the human aspects related to raising the cybersecurity and data privacy awareness of the workforce in the healthcare sector. Experts from the contributing H2020 projects presented real-life results and lessons learned from healthcare end-users in the context of their EU-funded research.

In the opening keynote speech, Dr Elina Argyridou from the KIOS Center of Excellence of the University of Cyprus presented a risk assessment methodology based on a wide survey conducted by the KIOS Center for the CUREX project. The survey was held from mid-June 2020 until the end of September 2020 in three healthcare organisations. The survey found that, in general, the sampled IT and healthcare staff are aware of threats such as insider, accidental or international data loss, loss or theft of hardware and attacks against medical devices, whereas they are not aware enough of threats like social engineering attacks. The proposed methodology comprises 19 control options classified among different risk categories and strategies regarding threats’ frequency, level and targets.

Professor Lynne Coventry from the University of Northumbria, UK, gave the second keynote speech on behalf of the PANACEA project. She explained the need for more cyber-aware healthcare staff, stressing that current cybersecurity approaches and practices can often hinder the work of healthcare employees, thus leading to security workarounds. Prof. Coventry commented that the active involvement of staff in cybersecurity design is essential to overcome their reluctance. Such engagement, she argued, can happen via different interventions that should be less intrusive to professionals’ work and more effective. As a proposed action, the PANACEA project aims to provide healthcare professionals with security “nudges”, which are incentives to adopt more cyber-aware behaviour while performing their tasks.

The third keynote speech was given by Dr John Brian Pickering of the University of Southampton, UK, and addressed end-users’ understanding of their cyber-hygiene responsibilities. The presentation was a cross-sectional perspective on the topic in the context of the ProTego project. Dr Pickering argued that multiple stakeholders within healthcare networks have different expectations as well as responsibilities related to cybersecurity mechanisms. He noted that awareness-raising and providing efficient equipment do not ensure the drastic adoption of cybersecurity-oriented practices by healthcare professionals. He added that intrinsic motivation to engage with security design and self-efficacy are key factors for the health sector to actually feature security-by-design operation.

Professor Thomas Penzel from the Interdisciplinary Sleep Medicine Center, Charité-Universitätsmedizin in Berlin, Germany, was the fourth presenter, on behalf of the ASCLEPIOS project. He gave a keynote speech elaborating on the safety issues found in medical devices and applications that monitor sleep disorders. Prof. Penzel underlined that cyber threats lurk in the multiparty sharing of data from such medical equipment, thus posing a challenge for different stakeholder categories related to healthcare. According to his presentation, the current vulnerabilities in sleep monitoring raise concerns not only for doctors but also for healthcare organisations overall, as well as device manufacturers, health insurance companies and even the patients themselves.

Mr Atanasios Tzikas from the University General Hospital of Larissa, part of the fifth Regional Health Authority of Thessaly and Sterea in Greece (DYPE5), gave a keynote speech representing SPHINX. He presented the findings of an extended survey organised by DYPE5 in the pilot sites of the project. The survey examined the cybersecurity awareness status of the healthcare organisations that are projected to provide a simulated part of their infrastructure for the pilot test and validation of SPHINX. Mr Tzikas highlighted the current areas that need interventions so that healthcare organisations can meet higher security standards. In his presentation, he drew attention to the need for tailored training actions for both IT and healthcare personnel in order to increase cyber awareness, thus strengthening one of the weakest parts of the cyber resilience “chain” of the sector.

Following the keynote presentations of the co-organising projects, Mrs Irene-Maria Tabakis of Cyberlens, Netherlands, delivered a presentation on the standardisation activities implemented by the CUREX project.

The workshop concluded with a panel discussion moderated by Prof. Christos Xenakis of the University of Piraeus, Greece, in which Dr Christos Ntanos from the Decision Support Systems Lab of NTUA, the coordinator of SPHINX, took part. The panellists elaborated on subjects including the cyber threat landscape during the COVID-19 pandemic, the overall maturity of cyber awareness among healthcare personnel, the issues where ethics and cybersecurity mechanisms need to find common ground, as well as the GDPR and the NIS Directive and their impact on cybersecurity in the health sector.

The recorded session is available on the CUREX project's Facebook page.