Protection and privAcy of hospital and health iNfrastructures with smArt Cyber sEcurity and cyber threat toolkit for dAta and people

Sabina Magalini
Stephanie Parker
Rita Giuffrida

01 January 2019

31 December 2021

EC funded project

PANACEA Research is driving a people-centric approach to cyber security in healthcare. Running from January 2019 to December 2021, this research and innovation action will design, develop and deploy the PANACEA Toolkit for uptake in hospitals, care centres and other medical facilities.

The Toolkit includes four technical tools: A Dynamic Risk Management Platform, a Secure Information Sharing Platform, a Secure Design Support Platform, an Identity Management Platform, and five human-centric tools: A Training and Education for Cybersecurity Tool, a Resilience Governance Tool, a Secure Behaviours Nudging Tool, a Value Assessment Tool and an Implementation Guidelines Tool.

Who is PANACEA Research for?

PANACEA Research is for medical and IT staff working in healthcare organisations, meeting the need to enhance cyber security and patient safety. To this end, PANACEA has three end-user partners, namely Agostino Gemelli University Hospital in Rome, the 7th Health Region of Crete and the South-South West hospital group of the Health Service Executive (HSE) in Ireland. PANACEA also works with an End-users and Stakeholders Platform to ensure independent guidance and feedback.

Feedback from these healthcare stakeholders includes interviews and workshops with medical and non-medical staff, IT teams, senior managers and administrative staff, thereby ensuring a solid people-centric basis for the development, validation and adoption of the PANACEA Toolkit.

PANACEA Research also engages with peer projects on cyber security and healthcare. An early achievement is the setting up of a task force with CUREX, SPHINX and SecureHospitals to share findings, investigate market drivers and end-user perspectives to boost the dissemination of results.

How do end-users benefit?

PANACEA end-users will benefit from advances in cyber security assessment and preparedness of healthcare IT infrastructures and connected devices.

To meet both human and technical requirements, PANACEA Research is developing a solution toolkit with 4 health tech and 3 organisational tools. The tech tools aim for a technology readiness level of 6 with a prototype system tested by end-user partners.

  • Dynamic risk assessment and mitigation: threat modelling, attack modelling, response management through technical and human-centric security measures, and visual analytics.
  • Identification and authentication: cryptographic authentication protocols, biometric recognition/digital identity, IoMT identification.
  • Security-by-design: methods and tools for healthcare systems and software.
  • Secure behaviour decision models and influencers.

Achievements so far (September 2019)

PANACEA Research Report on User and technical requirements and scenarios (April 2019): These requirements and scenarios focus on protection from cyber threats in health systems. PANACEA has defined four models and their taxonomies: The Healthcare Organisation Model; the Device Lifecycle Model; the Systems Lifecycle Model and the Cybersecurity for Healthcare Model. PANACEA has also mapped its technical and non-technical tools onto the Cybersecurity for Healthcare Model. This report is the starting point for the development of the PANACEA Toolkit as it will guide partners through all future phases, spanning toolkit requirement definition, research, development, and integration in healthcare organisations with testing and validation by end-users. Key references include the NIST Framework for improving Critical Infrastructure Cybersecurity and the NICE Cybersecurity Workforce Framework.

PANACEA Research Report on end-user requirements (July 2019): Defines three main cyber risk scenarios based on cyber-attack-driven, regulatory-driven and behaviour-driven analyses. This report draws heavily on multi-stakeholder engagement, as well as on ENISA’s sector specific insights and good practice guides. Inputs come from workshops and interviews at the end-user partners’ premises, the first PANACEA Stakeholder workshop (May 2019), online surveys on the main research topics and interactions with members of its End-users and Stakeholder Platform.

Next Steps

PANACEA Research is drawing on early findings based on ENISA risk scenarios, NIST cybersecurity framework and NIST NICE framework to define its technology roadmap. On-going work is focused on:

  • Definition of technical requirements for the solutions toolkit.
  • Scenario scoping, use cases and KPI definition.
  • Review of the state of the art, including factors determining human behaviour.
  • Assessment of risk scenarios and vulnerabilities in healthcare.
  • Definition of governance models, compliance and assurance models.
  • Development of awareness and training concepts.


Vertical Category:

Past Events