UBITECH participates in the kick-off meeting of the CUREX Research and Innovation Action, held in Athens, Greece (January 24-25, 2019). The action officially started on December 1st, 2018. The project is funded by the European Commission under the Horizon 2020 Programme (Grant Agreement No. 826404) and spans the period December 2018 – November 2021. The key goal of CUREX is to address comprehensively the protection of the confidentiality and integrity of health data by producing a novel, flexible and scalable situational awareness-oriented platform. It allows a healthcare provider to assess the realistic cybersecurity and privacy risks they are exposed to and suggest mathematically optimal strategies for addressing these risks with safeguards tailored specifically for each business case and application. At its core, a fully GDPR-compliant-by-design, decentralised architecture enhanced with a private blockchain infrastructure ensures the integrity of the risk assessment process and of all data transactions that occur between the diverse range of stakeholders involved. Crucially, CUREX expands beyond technical measures and also places emphasis on improving cyber hygiene through training and awareness-raising activities for a healthcare institution's personnel.
Within CUREX, the UBITECH R&D team will work towards the implementation of the Threat Intelligence Engine (TIE), which is in charge of detecting and analysing all the vulnerabilities, incidents and threat information obtained from the different layers of a health system. The TIE is also in charge of generating information about potential or imminent threats that could impact either such a system or the overall organisation at different severity levels, mainly with regard to the safety of data and its exchange with other organisations. In that sense, the TIE will provide information not only about the most common or well-known threats or vulnerabilities of the healthcare system, but also about more complex threats, such as zero-day attacks or advanced persistent threats (APTs).
Moreover, UBITECH will drive the design and implementation of the Privacy Assessment Tool (PAT) that will provide hospitals and care centres with the appropriate privacy levels in complete alignment with the GDPR directives to protect patients' Personally Identifiable Information (PII) and sensitive clinical data. PAT will perform the necessary analysis of privacy risks based on the modelling of data assets as produced by the Asset Discovery Tool (ADT), and will inform decision makers, based on every business process that concerns the processing and exchange of data, of the degree of compliance of the healthcare organisation with the GDPR, by providing an indicative privacy score.