Summary
The health sector is steadily becoming the de facto target for cyberattacks. Based on the most recent ENISA report at the end of 2018, cybersecurity incidents have shown that the healthcare sector is one of the most vulnerable. Focusing specifically on Electronic Medical Devices (EMD), they suffer from numerous and multi-layered vulnerabilities . Default, weak or no password authentication for remote connections, unencrypted traffic or obsolete and insecure cryptographic algorithms, unsupported operating systems, outdated, unmanaged and vulnerable software are among the most serious problems that jeopardise both their smooth operation and the data aggregated and stored. The vision of HEIR is to provide a thorough threat identification and cybersecurity knowledge base system addressing both local (in the hospital / medical centre) and global (including different stakeholders) levels, that comprises the following pillars: (i) Real time threat hunting services, facilitated by advanced machine learning technologies, supporting the identification of the most common threats in electronic medical systems based on widely accepted methodologies such as the OWASP Top 10 Security Risks and the ENISA Top 15 Threats; (ii) Sensitive data trustworthiness sharing facilitated by the HEIR privacy aware framework; (iii) Innovative Benchmarking based on the calculation of the Risk Assessment of Medical Applications (RAMA) score, that will measure the security status of every medical device and provide thorough vulnerability assessment of hospitals and medical centres; (iv) The delivery of an Observatory for the Security of Electronic Medical Devices; an intelligent knowledge base accessible by different stakeholders, providing advanced visualisations for each threat identified in RAMA and facilitating global awareness on EMD-related threats. Last, HEIR will set up a broad European network for establishing good security practice in all regulatory frameworks to reduce market access.
Unfold all
/
Fold all
More information & hyperlinks
| Web resources: | https://cordis.europa.eu/project/id/883275 |
| Start date: | 01-09-2020 |
| End date: | 31-08-2023 |
| Total budget - Public funding: | 4 999 975,00 Euro - 4 999 975,00 Euro |
Cordis data
Original description
The health sector is steadily becoming the de facto target for cyberattacks. Based on the most recent ENISA report at the end of 2018, cybersecurity incidents have shown that the healthcare sector is one of the most vulnerable. Focusing specifically on Electronic Medical Devices (EMD), they suffer from numerous and multi-layered vulnerabilities . Default, weak or no password authentication for remote connections, unencrypted traffic or obsolete and insecure cryptographic algorithms, unsupported operating systems, outdated, unmanaged and vulnerable software are among the most serious problems that jeopardise both their smooth operation and the data aggregated and stored. The vision of HEIR is to provide a thorough threat identification and cybersecurity knowledge base system addressing both local (in the hospital / medical centre) and global (including different stakeholders) levels, that comprises the following pillars: (i) Real time threat hunting services, facilitated by advanced machine learning technologies, supporting the identification of the most common threats in electronic medical systems based on widely accepted methodologies such as the OWASP Top 10 Security Risks and the ENISA Top 15 Threats; (ii) Sensitive data trustworthiness sharing facilitated by the HEIR privacy aware framework; (iii) Innovative Benchmarking based on the calculation of the Risk Assessment of Medical Applications (RAMA) score, that will measure the security status of every medical device and provide thorough vulnerability assessment of hospitals and medical centres; (iv) The delivery of an Observatory for the Security of Electronic Medical Devices; an intelligent knowledge base accessible by different stakeholders, providing advanced visualisations for each threat identified in RAMA and facilitating global awareness on EMD-related threats. Last, HEIR will set up a broad European network for establishing good security practice in all regulatory frameworks to reduce market access.Status
SIGNEDCall topic
SU-DS05-2018-2019Update Date
27-10-2022
Images
No images available.
Geographical location(s)
Structured mapping
Unfold all
/
Fold all
H2020-EU.3.7.6. Ensure privacy and freedom, including in the Internet and enhance the societal, legal and ethical understanding of all areas of security, risk and management
Search
Organisations
-
| Institut Mines-Télécom (IMT) (Coördinator)
-
| AEGIS IT RESEARCH GMBH
-
| BITDEFENDER SRL
-
| CROYDON HEALTH SERVICES NATIONAL HEALTH SERVICE TRUST
-
| DIAGNOSTIKON KAI THERAPEFTIKON KENTRON ATHINON YGEIA ANONYMOS ETAIREIA
-
| HARALDSPLASS DIAKONALE SYKEHUS AS
-
| IASO IDIOTIKI GENIKI MAIEFTIKI GINAIKOLOGIKI & PAIDIATRIKI KLINIKI DIAGNOSTIKO THERAPEFTIKO & EREVN...
-
| IBM ISRAEL - SCIENCE AND TECHNOLOGY LTD
-
| IDRYMA TECHNOLOGIAS KAI EREVNAS
-
| IOTAM INTERNET OF THINGS APPLICATIONS AND MULTI LAYER DEVELOPMENT LTD (ITML CY)
-
| PANEPISTIMIAKO GENIKO NOSOKOMEIO IRAKLEIOU
-
| SIEMENS SRL
-
| SPHYNX TECHNOLOGY SOLUTIONS AG
-
| SPHYNX TECHNOLOGY SOLUTIONS AG (STS)
-
| STELAR SECURITY TECHNOLOGY LAW RESEARCH UG (STELAR)