SU-TDS-02-2018 - Toolkit for assessing and reducing cyber risks in hospitals and care centres to protect privacy/data/infrastructures
Digital technologies such as Big data, Internet of Things, Robotics, Artificial Intelligence, High Performance Computing, Cloud and Cybersecurity offer new opportunities to transform healthcare systems and delivery, Connected medical devices, in particular if linked to Clinical Information Systems, can bring increased patient safety and efficiency into healthcare system(s). However, ICT infrastructures and data have become critical for the functioning of the hospitals and care systems and due to increasing connectivity, the exposure to risks of cyber-crime is constantly increasing. Healthcare ICT infrastructures are now considered to be part of the Critical Information Infrastructure. Cyberattacks are a potential danger to the safety of patients and to the privacy of sensitive health data.
Development and implementation of innovative methods, tools, guidelines or best practices addressing the need for cybersecurity in hospitals including remote care and homecare settings e.g. for assessing risks and vulnerabilities of hospitals w.r.t cyberattacks; innovative cybersecurity measures; identification/authentication systems within hospitals taking into account cross-border requirements and usability; addressing cybersecurity in the whole lifecycle of a medical device including hardware with embedded software, such as e.g. pacemakers, …); solutions addressing the need for cybersecurity certification of products/devices and services in the health and care domain; standards for security-by-design covering the whole lifecycle of eHealth applications; cybersecurity in remote healthcare provisions including homecare settings and in IT infrastructures supporting integrated care; secure information sharing between healthcare organisations (including cross border); security for cloud solutions supporting healthcare services; cybersecurity for Internet of Things (IoT) components supporting healthcare organisations in Europe.
The Commission considers that proposals requesting a contribution from the EU of between EUR 3 and 5 million would allow this specific challenge to be addressed appropriately. Nonetheless, this does not preclude submission and selection of proposals requesting other amounts.
Proposals under this topic may be subject to security scrutiny if they could potentially lead to security-sensitive results that should be classified (see guide for classification).
The proposal should provide appropriate indicators to measure its progress and specific impact in the following areas:
- Improved security of Health and Care services, data and infrastructures;
- Less risk of data privacy breaches caused by cyberattacks;
- Increased patient trust and safety.