CUREX: seCUre and pRivate hEalth data eXchange

The health sector's increasing dependence on digital information and communication infrastructures renders it vulnerable to privacy and cybersecurity threats, especially as the theft of health data has become lucrative for cyber criminals. CUREX comprehensively addresses the protection of the confidentiality and integrity of health data by producing a novel, flexible and scalable situational awareness-oriented platform. It allows a healthcare provider to assess the cybersecurity and privacy risks it is exposed to and suggests optimal strategies for addressing these risks with safeguards tailored to each business case and application. CUREX is fully GDPR compliant by design. At its core, a decentralised architecture enhanced by a private blockchain infrastructure ensures the integrity of the data and, most importantly, patient safety. Crucially, CUREX expands beyond technical measures and improves cyber hygiene through training and awareness activities for healthcare personnel. Its validation focuses on highly challenging cases of health data exchange, spanning patient cross-border mobility, remote healthcare, and data exchange for research.
