This pilot will take place in Plovdiv Hospital in Bulgaria. However, as all Bulgarian hospitals are linked to two (distinct, yet interconnected) cloud-based national information systems, the pilot will have indirect access to the complete Bulgarian National Healthcare Ecosystem. In detail, the national healthcare backbone consists of: a) the Health Information System (HIS), which hosts all patients' Electronic Health Records (EHR), including data about hospital/medical visits, e-examinations, patients' complaints, patient-centric clinical insights and findings, prescriptions, e-referrals (directions for tests, consultation or hospitalization), e-prescription, and e-immunization; in practice, every digital asset about healthcare provision and services to a specific patient (including medical records) is stored in the HIS; and b) the National Health Insurance Fund (NHIF), which hosts all information related to reimbursements and accounting. As part of healthcare processes and delivery, every hospital establishes specialized, reserved and secure access to the HIS via a secure WAN connection, which comes with systems such as recursive DNS servers that provide fault tolerance and connection reliability. This forms an interconnected cloud/edge infrastructure including the HIS/NHIF clouds of the Ministry and Edge Nodes (local clouds) at the hospitals. Furthermore, within the hospitals, practitioners and staff access information using mobile/IoT devices such as smartphones and tablets.
Proactive & Intelligent Protection of Healthcare Critical Infrastructures
Cyber-Assets and Deployment Configurations: CyberNEMO will be validated across the CI that comprises:
- The Mandatory Cloud Assets (HIS, NHIF) of the National Healthcare Ecosystem
- Cloud/Edge Assets (i.e., Electronic Health Records, EHR) of the hospital
- Edge/Fog Assets (i.e., smartphones of health staff, along with the mobile reader/scanner at the practitioner's or hospital side used to scan the 2D barcodes (Data Matrix ECC 200, ISO/IEC 16022:2006) of medical documents)
CyberNEMO will be deployed and used to create a secure CC powered by a ZTNA requiring authentication/authorization for every step and every actor accessing the HIS/EHR.
Use case Applications
On top of this baseline configuration, the following three Use Cases will be implemented:
- Detecting and Mitigating Authentication and Authorization Vulnerabilities & Threats: Access to sensitive patient data is extremely limited and subject to very stringent access control and data access policies. As part of this use case, the CyberNEMO technologies will be used to set up and enforce ZTNA policies across participating stakeholders. The data provenance and verification technologies of CyberNEMO will also be used to significantly reduce the Mean Time to Detect (MTTD) for access policy violations, data integrity issues, and potential data breaches. The use case will accordingly activate mitigation measures (e.g., changes to access control decisions, changes to passwords). This will ultimately lead to a tangible improvement in the minimum time needed to resolve an access-control-related vulnerability within the healthcare infrastructure.
- Supply Chain Collaboration for Increased Resilience: This use case will demonstrate the merits of security collaboration across the healthcare supply chain. It will leverage the CyberNEMO assets for information sharing (SAAM) to implement timely alerting functionalities from the Ministry to the hospital and from the hospital downstream to practitioners and staff. The information to be communicated will concern adversarial practices, remedial best practices for known threats (e.g., ransomware, medical device attacks), as well as information about potential zero-day vulnerabilities. Based on the timely and automated alerting from the Ministry, the rest of the supply chain actors (hospital, professionals) will improve the time required to detect and respond to these threats.