Blog

  • ProTego project summary (Thursday, December 30, 2021) - The ProTego project was completed in December 2021. In the last three years, a European consortium consisting of 9 partners has performed research and innovation activities with the aim of providing tools for risk identification and assessment and data protection to reduce cybersecurity risks in hospitals and care centers. The objectives for ProTego are […]
  • Multi-level security access control and delegation in the healthcare system (Tuesday, December 21, 2021) - In healthcare systems, Electronic Health Records (EHRs) of patients must be shared among a set of users with varying levels according to the consent of the patient or system administrator rules. These levels are divided into (i) security level and (ii) delegation level. In this system, users could be either healthcare professionals associated with the […]
  • Goodbye Passwords, long live new auth methods! (Tuesday, November 30, 2021) - Currently, the most commonly used method of authentication in any information system is based on using passwords as credentials. Passwords are commonly used, but we are still facing the same original problems that we had when passwords started to be used. Since its creation, humans have always struggled with the creation of secure and […]
  • Apache Parquet for HL7 FHIR (Thursday, October 28, 2021) - As a major achievement, we are pleased to announce that Apache Spark 3.2 is being released with Apache Parquet v 1.12.1 which includes Parquet Modular Encryption (PME). In addition to this, a C++ version was released with Apache Arrow 4.0.0, and IBM Research has begun working with the Apache Arrow community to integrate PME in […]
  • Kubernetes Storage: From Persistent Volumes to NFS to Native Storage (Monday, October 25, 2021) - Containers have quickly become the standard for application deployment. Containers are units of software that package up code and all dependencies so that an application is able to run quickly and reliably in various computing environments, from OnPremise to OnCloud deployments. With containers comes the need for managing them, and to this end, Kubernetes has […]
  • ProTego Advanced Research – Policy-driven data protection (Thursday, September 30, 2021) - In a previous blog in Medium, ProTego has described how it can secure HL7 FHIR resources [1] by using Apache Parquet Modular Encryption (PME)[2], which was developed by Work Package V – Cyber Risk Mitigation during the project. Building on top of this approach, WP5 developed a Data Gateway which adds an Interceptor to an […]
  • Cyber Security Risk Modelling (Tuesday, August 31, 2021) - Risk modelling is a key tool in the battle against cybercrime and attackers. ProTego’s process for static risk modelling is described in [1] and follows a standardised risk assessment approach described in ISO 27005 [2], where the operational system’s assets and relationships between them are identified, and a system risk model is constructed based on […]
  • The role of IT staff in the procurement of medical devices (Tuesday, July 27, 2021) - IoT devices are a point of high interest to be covered in any initiative regarding cybersecurity in healthcare. But it is worth distinguishing between small and personal wearable devices (IoT devices) and electro-medical devices commonly owned and used by healthcare organizations, also known as IO(m)T devices. IO(m)T devices usually come with a […]
  • Security by design in non-connected devices (Tuesday, June 29, 2021) - In the ProTego project, the following scenario has been considered to demonstrate the value of the toolkit: a non-connected activity tracker collects data and sends it to a web application. The activity tracker aims to support one of the application features which is to show the statistics on the patient’s physical activity. The data is […]
  • Who CANNOT access the EHRs in Healthcare Information Systems? (Friday, May 28, 2021) - In the healthcare domain, various types of authorities, such as patients and doctors, produce Electronic Health Records (EHRs) data. The system stores this vital information in the medical server along with some security information. On the other hand, health centers that are usually open have dozens or even hundreds of unknown visitors. Apart from the […]
  • Network Slicing in E-health Networks (Friday, April 30, 2021) - Network slicing is a technology that enables the creation of multiple virtual networks on top of a physical architecture, allowing operators to provide portions of their networks that fulfill the requirements of different vertical industries with appropriate network isolation, resources, optimized topology and specific configuration. While the concepts of flow-based mechanisms (see RSVP and old […]
  • Return on investment – ROI (Thursday, March 18, 2021) - Suppose you are looking for information on the Return on Investment (ROI) of cybersecurity. In that case, most of the information you find is that “it is difficult to calculate”. However, it is not difficult to calculate the impact of a security breach on a company or organization. So, how do you quantify or measure […]
  • Using Istio Service Mesh to Manage and Secure Microservices (Friday, February 26, 2021) - Current development trends strongly rely on microservice architectures and cloud deployments. Dev teams must use microservices to architect for portability while Ops teams must manage large hybrid and multi-cloud deployments. Kubernetes plays a key role in supporting current microservice/cloud architecture trends, and Istio lets you connect, secure, control and observe microservices. And that’s true for […]
  • The importance of good password hygiene (Sunday, January 31, 2021) - The introduction of new technologies in the healthcare sector is leading to the adoption of innovative ways in the treatments of patients. These innovations bring new opportunities and benefits: Telemedicine, Electronic Health Records (EHR), wearables that monitor biometrics, are just some of the contributions to enhance the health and well-being of patients. However, because of […]
  • Hybrid Cloud or how to expand limits in healthcare provisioning (Tuesday, December 22, 2020) - The unification of health information is a clear objective for governments and industry. This unification is carried out through a down-to-up strategy, that is, first it seeks to unify the patients’ medical record at the local level (in the hospitals themselves or main service providers) and then there are strategies to unify the information existing […]
  • Evolution of ransomware and health care data (Monday, November 23, 2020) - Traditionally, ransomware has been a type of malware that blocks access to a victim’s data and later demands a ransom fee to unlock it. Nowadays, a new trend has appeared where malicious actors steal information and threaten to publish the victim’s data. This represents an evolution of the traditional ransomware attack, which can be directly related to health care data. Health care data is extremely sensitive because it cannot be changed if it is stolen. If someone steals […]
  • Who can access the EHRs in Healthcare Information Systems? (Friday, August 28, 2020) - In healthcare systems, Electronic Health Records (EHRs) contain sensitive information, such as all the patient records and doctor prescriptions, and these are stored on a medical server. Preserving the confidentiality of this vital information is an important issue in these systems. The system should have the means to prevent unauthorized users from accessing this information. […]
  • How to Secure E-health Networks? (Friday, July 31, 2020) - The 3rd Generation Partnership Project (3GPP), the organization that assesses the requisites for the new network infrastructures in the second phase of 5G networks (3GPP Rel-16 and beyond) [1], classifies the future 5G networks in two types: Public Land Mobile Networks (PLMNs) and Non-Public Networks (NPNs). The first type is the network provided directly by […]
  • BYOD and health sector (Monday, June 29, 2020) - During the recent COVID-19 crisis, technology has proven, again, to have a major role in our daily lives. Physical meetings have been restricted and the usage of messaging applications has increased drastically during these few months, see Zoom or WhatsApp. These behaviours have not been different in the health sector. Due to the situation telehealth […]
  • Apache Parquet for HL7 FHIR (Monday, June 22, 2020) - The blog post on “Apache Parquet for HL7 FHIR” by Gidon Gershinsky can be found here.
  • Integrating ProTego – A CI/CD Approach for Security (Friday, May 29, 2020) - ProTego is a data protection toolkit for reducing risks in hospitals and care centres. It utilises an iterative security framework that both measures and reacts to the changing security landscape of a platform. ProTego’s many components for risk monitoring and mitigation, and the use-case applications deployed with the ProTego toolkit, are all made by varying […]
  • ProTego engagement in the Research Data Alliance (RDA) (Monday, April 27, 2020) - During a public emergency – and COVID-19 is something we’ve not seen on this scale before – policy makers, funders, government, public authorities all rely on official statistics and research to be able to make decisions and plan for the near and longer term future. Obviously, researchers and statisticians are dependent on good quality data, […]
  • COVID-19’s impact on Cybersecurity (Friday, February 28, 2020) - The outbreak of COVID-19 has caused an unprecedented worldwide impact. Without a shadow of a doubt we are living challenging times on many different levels that bring as a consequence important concerns in all aspects of life and cybersecurity is not an exception. With such a high percentage of people under lockdown in the whole […]
  • Cybersecurity challenges in serverless computing (Friday, January 31, 2020) - Serverless infrastructure adoption is growing faster than most people realize. Some studies stated that since 2015 it’s growing by more than 2X compared to virtual containers technology. Serverless computing is a misnomer. In fact, serverless applications still require physical or virtual servers running somewhere, but serverless computing differs from traditional approaches in that the organization […]
  • Cybersecurity Awareness Of Hospital Employees (Monday, December 30, 2019) - Cybersecurity breaches have become common among the biggest organizations, and the healthcare sector is no exception because a great deal of sensitive data is used. The technology age has meant that an increased amount of private information is being stored in computers and networks, thus exposing it to a potential invasion of […]
  • Service-based secure network slicing (Saturday, November 30, 2019) - Security for confidential patient data is a high priority requirement for hospitals. The increasing number of cyber-attacks to steal patient data has raised a concern about how hospitals can improve security when handling confidential data. One option to improve security is the encryption of stored data, which makes it difficult for possible attackers to read sensitive data. Another option […]
  • On the insecurity of implantable medical devices (Thursday, October 31, 2019) - Securing healthcare services is a complex, multi-dimensional challenge that requires a defence-in-depth strategy. Indeed, there are multiple security facets which have to be tackled when developing cybersecurity solutions for the (e-)health sector. Obviously, one of the most security-critical assets is medical data, such as digital patient records. This data is without doubt very privacy-sensitive, and […]
  • The Importance of Cyber Security User Awareness in Healthcare Industry (Monday, September 30, 2019) - The healthcare industry has experienced a major change with electronic records enablement which replaced traditional paper-based medical records. This shift improved the efficiency of delivering health care services to the clients/patients and minimized insurance fraud as well as billing errors. However, shifting to an electronic mode of medical data storage calls for additional awareness and […]
  • Improving security in large scale medical it systems by managing complexity with standardization (Friday, September 13, 2019) - Many large medical IT systems have evolved over a good number of years. With this evolution has come complexity as the IT systems have changed over time. In the context of security, this is quite a problem as it is difficult for maintainers of these systems to know and manage against threats to the Medical […]
  • Test Driving Parquet Encryption (Monday, July 29, 2019) - The blog post can be found here.
  • Using Knowledge-based Systems to improve Big Data and Machine Learning methods for Cyber-security Threat Diagnosis (Sunday, June 30, 2019) - Ransomware and other types of cyber-attacks are on the rise, and the healthcare industry is one of their biggest targets, facing a constant level of threat from within and outside. Intruders may gain access to the system and remain undetected for a long time, posing major public health problems and costing millions of dollars. Intrusions differ from […]
  • Using network slicing to enhance security in e-health use cases (Friday, May 31, 2019) - Introduction A great number of network services are available today, and their number is ever more increasing. All of them have diverse use cases and performance requirements that have to be met. Today’s networks are designed in a “one-fit-all” way, meaning a single network should be used for all network services. However, meeting the diverse […]
  • Why addressing cyber risks in healthcare is needed (Thursday, April 4, 2019) - The adoption of new technologies is transforming the way the healthcare sector treats people. Telemedicine, Electronic Health Records (EHR), wearables that monitor biometrics are just a few examples of what hospitals are providing as new tools to improve patients’ treatment ([1], [4]). If these transformations are contributing to enhancing the patients’ health and wellbeing, they are […]
  • The necessity of cybersecurity in the Health Sector (Friday, March 29, 2019) - On the 12th of May of 2017, the National Health Service (NHS) of the United Kingdom suffered one of the greatest cyber-attacks in its history. WannaCry affected up to 70,000 devices, including MRI scanners and other medical equipment. Due to the inoperability of these systems, the NHS had to turn away non-critical emergencies. These attacks were […]
  • Successful kickoff meeting of the ProTego project (Thursday, January 31, 2019) - In the last two days, the kick-off of the ProTego project was held at the Gfi Madrid offices. ProTego is a healthcare cybersecurity project funded by the European Commission and awarded to a consortium made up of technology companies, universities and hospitals, all from different countries (Spain, France, Belgium, UK, Italy and Israel). Gfi, besides […]