The concept

SPHINX brings a Universal Cyber Security Toolkit for the Health and Care Domain that enhances the cyber protection of the healthcare IT ecosystem and ensures the patients’ data privacy and integrity. The SPHINX toolkit offers an embedded, smart and robust security awareness layer, able to identify modern and advance cyber threats, enhanced with a personalised data security management tool. 

The SPHINX architecture has the capability to concentrate and handle the data of a large number of devices or services, thus covering a wide range of use case scenarios. The SPHINX users are kept informed at any time via highly comprehensive dashboards and visual analytics, while being able to interact with the services and functions of the proposed solution in an intuitive and user-friendly way.

The SPHINX automated zero-touch device and service verification toolkit is easily adapted or embedded on existing, medical, clinical or health available infrastructures, whereas a user may choose from a number of available security services through the SPHINX cyber security toolbox.

Users may utilise a variety of services that possibly request a share of their personal information to the eHealth service providers for personal medical services. Personalised medical services are highly sensitive to the context and the requirements of the user, while a service may not require the same level of personalisation. Different levels of personalisation are needed in digital Information and Communication Technology (ICT) services, which are highly dependent on types of service and user requirements. 

SPHINX embeds an innovative architecture to fulfil the following purposes: (a) scrutable user-side personalisation with dynamic privacy control by exploiting a predefined configuration (b) re-usability of the parts of a user model across different services.

The usability of the SPHINX Platform is paramount to the widespread uptake and usage of the project. It is designed to facilitate the operation of the SPHINX toolkit in real-life conditions, allowing regular technology users (not limited to cyber security experts) to operate the system. The relevant SPHINX outcomes from a user’s perspective are:  

  • Cybersecurity Vulnerability Assessment and Certification Toolkit that address in a systemic way the healthcare sector including healthcare providers (e.g., hospitals, care centres), manufacturers (e.g., medical devices and devices carrying personal health data), supporting service providers (including IT developers) and consumers (e.g., patients).
  • Interactive Dashboards that allow users to visually observe and compose their own processes directly on the user interface, enabling intuitive customisation of actions and views related to data events in order to obtain a better granularity and effectiveness of the analysis.
  • Actionable Alerts that create a sense of urgency and explain why it is important to act or react, summarising the reason for the alert and emphasising exactly what the action response will cause to happen. The alerting sub-system also provides specific means for establishing the authenticity of alerts.
  • Assessment Checklists that provide users with effective ways of evaluating the state of readiness and the potential exposures and vulnerabilities that were available in the past only to experts, thus increasing awareness of cyber security issues.