HEIR system is based on a multi-layered hierarchical architecture. It comprises HEIR clients, operating at local level in a wired or wireless LAN in a healthcare facility, providing data for further analysis in the HEIR aggregators. After completing their analysis (described in detail in the following sections), they submit anonymized findings to the HEIR Observatory for the Security of Electronic Medical Devices (OSEMD) which aggregates data of all HEIR clients and aggregators and performs detailed data analytics, supported by advanced, interactive visualization tools. The vision is to (i) provide a detailed analysis of the adoption of good technical practices and at the same time (ii) underline cybersecurity issues that are common in the healthcare sector and pinpoint interesting outlier values which require further attention. The information will be presented in different levels (facilitating both general / high level and detailed / low level visualisations); daily snapshots will also be kept in order to generate time series of the developments in every aspect of healthcare cybersecurity.
The HEIR System is also modular; it can be further extended to support new types of threats and provide additional recommendations. It can also be modified to support different and more complex healthcare environments. A deeper hierarchical architecture ensured with the provision of HEIR Aggregator. In large healthcare environments as a hospital with many departments, different types of medical devices and subnetworks, a single HEIR client may not be enough to support the IT administrators understanding all the necessary details for every department. The HEIR Aggregator will collect the data from all HEIR Clients, will make the necessary evaluations and assessments for each HEIR Client and finally will provide detailed feedback. Thus, the HEIR Aggregator will be acting as a “1st level HEIR Observatory”, assisting the IT personnel to identify which departments in the hospital face critical cybersecurity issues. The HEIR Aggregator will also operate as a 1st level cybersecurity and resilience benchmarking tool, comparing the cybersecurity status at an intraorganizational level. The aggregated information is further transmitted to the global HEIR Observatory so as to extract the cybersecurity and resilience benchmark score of the whole organization in comparison with the global trends documented from other organizations.