
Security and Privacy by Design for Healthcare

Healthcare webinar
Thursday, 10 December, 2020

Thank you for joining the Cyberwatching.eu webinar "Security and Privacy by Design for Healthcare: New solutions from EU H2020 Projects to comply with GDPR, Medical Device Regulation, EU Directive 2016/1148 on essential services and COVID context", focusing on developed solutions that are effective and usable in the healthcare context to reduce the overall ex-ante risk. This includes threats specific to Covid-like situations.



Delivery of health services (clinical and administrative) through ICT and connected medical devices is a necessity for healthcare organizations, and it changes the way healthcare services are delivered and data are shared. As a result, cyberattacks and staff misbehaviour may have significant negative effects on business continuity, patients' safety and data privacy.

Current levels of privacy protection and security depend heavily on the intrinsic risk embedded in the existing systems, medical devices and procedures. From a long-term perspective, if the investments made for the routine renewal and upgrade of these assets were guided by a "privacy and security by design" approach, the overall risk would decrease.

In line with this approach, the European Commission has set up regulatory measures (e.g. GDPR, MDR, EU Directive 2016/1148) and, through the Horizon 2020 programme, has also funded research and innovation projects to develop solutions that are effective and usable in the healthcare context to reduce the overall ex-ante risk. This includes threats specific to Covid-like situations.

Who should attend?

We invite representatives from hospitals, Medical Device manufacturers, ICT systems providers and Digital service providers to attend this webinar.

With representatives from the health, legal and cybersecurity sectors, we'll be hearing about the main challenges facing the medical sector in ensuring secure integration of services that comply with EU regulations. We'll also hear about three cutting-edge security and privacy by-design solutions under development thanks to EC funding.

  • The Data Governance for Supporting GDPR (DEFeND) project provides an innovative data privacy governance platform which supports Healthcare organizations towards GDPR compliance using advanced modelling languages and methodologies for privacy-by-design and data protection management.
  • The Protection and Privacy of Hospital and Health Infrastructures with Smart Cyber Security and Cyber Threat Toolkit for Data and People (PANACEA) project provides medical device manufacturers, and healthcare organizations with a Security-by-Design Framework (SbDF), a comprehensive workflow including processes, software solutions and links to regulations, covering the entire Medical Device lifecycle, from requirement definition to in-hospital deployment.
  • The PlAtform for PrivAcY preserving data Analytics (PAPAYA) project is developing privacy-by-design solutions and a dedicated platform for data analytics tasks which are outsourced to untrusted data processors. This will allow stakeholders to ensure their clients’ privacy and comply with the European GDPR while extracting valuable and meaningful information from the analysed data. PAPAYA targets two digital health use cases, namely arrhythmia detection and stress detection, whereby patients’ data are protected through dedicated privacy enhancing technologies.


11:00 - 11:10: Welcome note and purpose of the Webinar - Marina Ramirez, AEI Ciberseguridad, Cyberwatching.eu

11:10 - 11:25: Challenges and an overview of the proposed Solutions - Sabina Magalini, Fondazione Policlinico Universitario Gemelli

11:25 - 11:40: The Roadmap to GDPR Compliance in e-Healthcare Services - Paolo Balboni/Anastasia Botsi, ICT Legal Consulting, Cyberwatching.eu

11:40 - 11:55: PAPAYA: PlAtform for PrivAcY preserving data Analytics (Healthcare Use Cases) - Orhan Ermis, EURECOM

11:55 - 12:15: Security and privacy by design for healthcare data governance - Andrés Castillo, Pediatric Hospital Niño Jesús and Haris Mouratidis, University of Brighton, DEFeND

12:15 - 12:30: PANACEA framework of Security-by-Design Principles applicable to Health systems and medical devices development - Martina Bossini Baroggi, RINA

12:30 - 12:40: Roundtable discussion

12:40 - 12:45: Closing remarks


Anastasia Botsi

Anastasia Botsi is trained in European law and holds a Professional University Certificate (ECPC-B DPO) from the European Centre of Privacy and Cybersecurity (ECPC) at Maastricht University. She has also been sponsored by the Dutch Science Foundation to conduct research on the legal issues of managing cyber-security risks and cyber-attacks.

Andrés Castillo

Andrés Castillo is the Head of Technological Innovation at the Pediatric Hospital Niño Jesús in Madrid. He holds a doctorate in Software Engineering and degrees in Sociology and Physics, and he also teaches Computer Science and Cybersecurity.


Haris Mouratidis

Haris Mouratidis is Professor of Software Systems Engineering and founding Director of the Centre for Secure, Intelligent and Usable Systems (CSIUS) at the University of Brighton. He is a Fellow of the Higher Education Academy and a visiting professor at the University of Stockholm (Sweden) and the University of Ionian (Greece). His research interests lie at the intersection of security, privacy and software engineering. He has pioneered work in developing methodologies, modelling languages, ontologies, tools and platforms to support the analysis, design and monitoring of security, privacy, risk and trust for large-scale complex software systems. He has applied his theoretical work to practical applications in domains such as critical infrastructures, cloud computing, health-care, telecommunications, banking and public administration. He has published more than 200 papers (h-index 34) and has led and/or participated in more than 30 projects, currently DEFeND, CYRENE, AI4HEALTHSEC and CyberSANE (all funded by Horizon 2020). He is a member of working groups at ERCIM, IFIP, BCS and BSI, an Expert Fellow of the UK EPSRC Digital Economy NetworkPlus SPRITE+ (Security, Privacy, Identity and Trust in Digital Economy) and Vice-Chair of the International Federation for Information Processing (IFIP) WG11.4 on Secure Engineering.


Martina Bossini Baroggi

Ms Martina Bossini Baroggi obtained her Master's degree in Bioengineering in 2017 from the University of Genoa. She is an analyst and software developer at RINA Consulting as part of the Italy Integrated Security Unit. She is experienced in security-by-design for eHealth applications, risk assessment in the healthcare domain, software design and development, software verification and validation, data preparation and integration, and project coordination. Her profile combines software, cyber security and biomedical aspects acquired at both industrial and R&D level. In addition, she has previous experience in data processing in the field of AI, specifically deep learning and convolutional neural networks.


Orhan Ermis

Orhan Ermis is a postdoctoral researcher in the Digital Security Department at EURECOM. He received his PhD degree from the Department of Computer Engineering at Boğaziçi University in 2017. Previously, he received his BS and MS degrees from Bahçeşehir University, İstanbul, in 2005 and 2007 respectively. His current research interests are privacy enhancing technologies, verifiable computing, DDoS detection and security protocols.


Sabina Magalini

Sabina Magalini is a Senior Surgeon in the Emergency and Trauma Surgery Unit at the Fondazione Policlinico Universitario Gemelli (FPG) and Assistant Professor of Surgery at the Rome Catholic University School of Medicine (UCSC). She is also an Associate Researcher of the Italian National Council of Research (CNR-IASI), and a Fellow of the American College of Surgeons, of the American Association for the Surgery of Trauma and of the European Society for Trauma and Emergency Surgery (ESTES).

Her main interests focus on hospital surge plans, medical response to major incidents, emergency and trauma care systems, decision support systems for major emergencies, and training guidelines and standards in the framework of EU Programme projects (SICMA, EDEN, PULSE, REACHING OUT, ENCIRCLE, NO-FEAR). She actively participated in all of these as an investigator.



Marina Ramirez

Marina Ramirez is Head Business and ICT Consultant and project manager. She holds a degree in Telecommunications Engineering from the University of Malaga and has over 15 years' experience in business and strategic consultancy for public administrations and SMEs. At CITIC, Marina develops strategic plans for innovation and the information society, provides ICT and business advice to SMEs, develops commercial offers and attracts companies to participate in R+D+i projects. Her work also covers reports, market research, analysis and project management.
