The 2nd PANACEA End-User and Stakeholder Workshop takes place virtually on 15-17 and 23-24 September 2020.

Session 1. Dynamic Risk Management Platform: Tuesday 15.09.2020, 14:30-17:30 CEST

DRMP is designed to protect a complex IT infrastructure by quantitatively assessing the current level of risk through a multi-dimensional threat analysis and the current business impact. An innovative aspect of DRMP is the multi-dimensional attack model, used to represent the role played by human behaviours in the development of a cyber-attack. The model tries to capture how human users currently access ICT and medical devices, identifying human vulnerabilities that can be exploited to materialise the most common threats in healthcare organisations.

The risk computation triggers the definition of technical and non-technical mitigation actions with the objective of reducing the risk level by taking into consideration the business impact that the actions may cause.

Targeted participants: Information Technology Managers, Information Security Officers, Risk Managers

Registration link (CEST is indicated as Rome):

Register now →

 

Session 2. Cybersecurity Risk Governance: Wednesday 16.09.2020, 14:30-17:30 CEST

The PANACEA Cybersecurity Governance Model comprises the HealthCare Cybersecurity Governance Tool and the Healthcare Cybersecurity Organisation Model. The purpose of the Healthcare Cybersecurity Governance Tool is to evaluate the Information Security Management System (ISMS) of healthcare organisations as a standard entity for cybersecurity management.

The HCG-Tool enables the assessment of “Level of Gaps” in relation to diverse cybersecurity standards (ISO 27001, NIST SP800-53 and TOGAF-O-ISMS3), which are combined into a set of “Security Controls” that also take into consideration specific security aspects of the Healthcare domain.

The tool assesses the ISMS status and identifies gaps in ISMS functions that need to be improved, according to the cyber risk assessment and mitigation actions list.

The Healthcare Cybersecurity Organisation Model manages, deploys and improves the Information Security Management System of healthcare organisations. The model comprises a set of guidelines for designing an IT security structure, enabling any healthcare organisation to identify and implement actions or countermeasures.

The use of both solutions is an innovative approach designed for decision makers when making an organisational investment plan to build an IT Security or cross-departmental unit. 

Targeted participants: Information Technology Managers, Information Security Officers, Risk Managers, Data Protection Officers, Hospital (and other Healthcare providers) Top Managers, Public Health Managers/Authorities

Registration link (CEST is indicated as Rome):

Register now →

 

Session 3. Identity Management - Human-to-Machine and Machine-to-Machine Authentication: Thursday 17.09.2020, 10:00-11:30 CEST

This session is on both human-to-machine and machine-to-machine authentication. 

The Identity Management Platform for human-to-machine authentication (IMP H2M) is designed to make sure that users of a medical system or medical device are known to the hospital system and are really who they claim to be. The tool allows user authentication based on two authentication factors: biometrics (who you are) and a smartphone (what you have). The design of the system is based on several requirements that were defined through field observations and interviews with different actors in the ecosystem.

The IMP H2M tool brings many innovative points to the security of the hospital information technology system, since it resolves the credential sharing issues with a secure, frictionless and GDPR-compliant solution.

Targeted participants: Clinical Data Managers, Clinical Engineering Dept Officers, Information Security Officers, Data Protection Officers, Networked Medical Device Manufacturers

IMP M2M: Healthentia – Qtrobot secure integration: An implementation of PANACEA’s Identity Management Platform, Machine-to-Machine communication

PANACEA’s Identity Management Platform gives guidelines governing the handshake between two machines wishing to securely exchange sensitive data. These guidelines are presented in practice via a demonstration of the Healthentia – Qtrobot secure integration system. Healthentia is an eClinical system gathering information. QTrobot is an assistive device, facilitating kids’ interaction with systems. The goal of the integration is to use QTrobot as a means to collect questionnaire answers via a natural spoken interface and to measure body posture and emotion, while all the collected information is securely transferred to Healthentia.

Targeted participants: Information Technology Managers, Information Security Officers, Medical Device Manufacturers, Clinical Engineering Dept Officers, Managers of Nurse and Medical Staff

Registration link (CEST is indicated as Rome):

Register now →

 

Session 4. Secure Information Sharing Platform: Thursday 17.09.2020, 14:30-17:30 CEST

The Secure Information Sharing Platform is one of the technological tools of the PANACEA Solution Toolkit designed to deliver a secure sharing support tool enabling healthcare personnel to coordinate and share healthcare information in near real time within their own organisation and with external organisations. The SISP enables healthcare professionals to exchange healthcare information more efficiently, in compliance with applicable regulations and more securely than the current baseline, by promoting interoperable file formats, cryptographic methods and a mutual trust model.

Information sharing can be performed between different healthcare organisations, across borders and between organisations within a single country.

Targeted participants: Information Technology Managers, Information Security Officers, Data Protection Officers, Public Health Managers/Authority, Medical Staff involved in clinical information sharing

Registration link (CEST is indicated as Rome):

Register now →

 

Session 5. Security by Design Framework Part 1: Wednesday 23.09.2020, 11:00-13:00 CEST

This session is Part 1 of the PANACEA Security by Design Framework. 

PANACEA provides medical device manufacturers, health application providers and healthcare organisations (i.e. hospitals) with a Security-by-Design Framework (SbDF): a comprehensive workflow including processes, software solutions and links to regulations. SbDF is designed to overcome design limitations of medical devices, which currently include security-engineering aspects regarding cyber risks only poorly or not specifically at all. SbDF is based on a typical assessment and system monitoring audit workflow with the support of specific solutions addressing conformity assessment (through compliance schemes) and risk assessment (addressing cybersecurity and engineering aspects). The target applicable model of PANACEA SbDF is the defined device lifecycle model, which considers networked medical device categories, lifecycle phases and roles.

Targeted participants: Medical Device Manufacturers/Developers, Information systems Providers/Developers, Clinical Engineering Dept. Officers, Information Technology Managers, Information Security Officers, Risk Managers

The Secure Design Support Platform (SDSP), developed by RHEA, is a risk assessment platform for use in healthcare environments. Its use for health systems and/or medical devices eases compliance with Security-by-Design principles. The purpose of this tool goes beyond health systems/medical devices to cover the operational context in which they are used, guiding the architectural and/or development choices through detected critical risk level scenarios and the security controls needed to decrease their risk level.

Registration link (CEST is indicated as Rome):

Register now →

 

Session 6. Security by Design Framework Part 2: Wednesday 23.09.2020, 14:30-16:30 CEST

This session is Part 2 of the PANACEA Security by Design Framework. 

PANACEA provides medical device manufacturers, health application providers and healthcare organisations (i.e. hospitals) with a Security-by-Design Framework (SbDF), a comprehensive workflow including processes, software solutions and links to regulations. SbDF is designed to overcome design limitations of medical devices, which currently include security-engineering aspects regarding cyber risks only poorly or not specifically at all. SbDF is based on a typical assessment and system monitoring audit workflow with the support of specific solutions addressing conformity assessment (through compliance schemes) and risk assessment (addressing cybersecurity and engineering aspects). The target applicable model of PANACEA SbDF is the defined device lifecycle model, which considers networked medical device categories, lifecycle phases and roles.

Targeted participants: Medical Device Manufacturers/Developers, Information systems Providers/Developers, Clinical Engineering Dept Officers, Information Technology Managers, Information Security Officers, Risk Managers

From a solution point of view, the SbDF is composed of two different tools: the Secure Design Support Platform (SDSP) and the Compliance Support Tool (CST).

The Compliance Support Tool (CST), developed by RINA, provides a standardised programme for assessing the conformance of the target object in scope (i.e. medical device, information system, management systems, etc.) with a series of standards relevant for the user and application context (i.e. GDPR, ISO 27001, EN ISO 13485, ISO IEC 80001, etc.). It supports the user in assessing the medical device/system development process during all the phases of its lifecycle. This ensures an effective internal control system focused on managing significant risks while verifying the compliance of the entire process with relevant standards and taking actions to increase the conformity level.

 

Registration link (CEST is indicated as Rome):

Register now →

 

 

Session 7. Secure Behaviour Nudging Tool: Thursday 24.09.2020, 11:00-13:00 CEST

The Secure Behaviour Nudging Tool is designed to help staff responsible for encouraging cybersecure behaviours within a healthcare organisation. Designed by a team of behaviour change experts, the SBNT is a toolkit of evidence-driven techniques and methodologies built around established psychological theories.

The SBNT offers a range of innovative tools to assist the user in identifying: 1) Insecure behaviour in the workplace. 2) Factors driving this behaviour and barriers to secure behaviour. 3) Appropriate techniques and ‘nudges’ to encourage more secure behaviour. 4) Tools to assess and re-assess the organisation’s cybersecurity position and needs on a reiterative basis.

Target Stakeholders: Hospital (and other Healthcare providers) Managers in charge of managing staff behaviour and education, Information Technology Managers, Information Security Officers, Risk Managers

Registration link (CEST is indicated as Rome):

Register now →

 

Session 8. Cybersecurity Education and Learning Tool: Thursday 24.09.2020, 15:30-16:30 CEST

The PANACEA Cybersecurity Education and Learning package is designed to demonstrate to all people who work in Health Care Organisations the core link between secure cyber-related behaviour and practices and the health and well-being of HCO patients. Designed and developed using a systematic approach by a team of highly qualified and experienced training developers, the learning is based on a comprehensive analysis of the current situation and will apply proven pedagogical methods and modern digital media to appeal to as broad a range of learners as possible, enabling learning wherever and whenever the learner has the opportunity to access it. The learning aims to promote behavioural change by personalising the consequences of inappropriate cybersecurity behaviour to the learner, the learner’s patients and the HCO itself.

Target participants: Managers in charge of staff behaviour and education, Information Technology Managers, Information Security Officers, Risk Managers

Registration link (CEST is indicated as Rome):

Register now →