Overview
The healthcare sector has become susceptible to cyber-attacks that threaten confidential healthcare data. The HEIR Observatory is a cloud-based portal responsible to collect, analyze and present the results of all the deployed HEIR Clients (hospitals) in order to provide global insights on the level of security in healthcare environments. The Observatory database stores all this information which is being analyzed by the HEIR Analytics Engine in order to produce statistics, historical analysis, and trends as well as recommendations and best practices. In addition, data are collected from each hospital.
Whereas the HEIR 1st level services focus on a particular hospital (including real-time vulnerability assessment (e.g. the calculation of the HEIR Risk Assessment for Medical Applications (RAMA) score) and forensics (via FVT)), HEIR 2nd level services provide a bird’s eye approach utilizing the HEIR Observatory as a hub of information to be further analyzed at an aggregate level. For instance, the HEIR Global RAMA Score Calculator consumes the collected data and provides the Global RAMA score and relevant metadata. The available results are presented in the 2nd layer of visualization.
The aim of the HEIR Observatory is to make it possible for healthcare experts or external stakeholders to understand how an organization is compared to other healthcare organizations in relation to the level of cybersecurity. Nevertheless, due to General Data Protection Regulation (GDPR), data are gathered in a way that preserves anonymity and makes any aggregated information and statistical information on cybersecurity events displayed in the observatory impossible to be connected with any particular hospital.
2nd Layer of Visualizations- Observatory
The 2nd layer of Visualization includes all the elements and methods to present information gathered by the HEIR Observatory. The Global RAMA Score, relevant metadata, and statistics are produced based on the local RAMA (RAMA score per hospital), derived by the connected hospitals. In addition, basic recommendations are available through the visualization dashboard and users accessing the HEIR Observatory will have access only to anonymized data collected from the HEIR Clients (hospitals). Depending on their role, only specific users can see the active policies of healthcare organizations.
The 2nd layer of visualization is a web application presenting the aforementioned information. Figure 2 below shows how the Global RAMA Score is presented along with significant information about the whole HEIR environment. Additional security-related information about the status of each connected hospital, along with analytical data that reveal meaningful information is available in an anonymized manner (i.e. no hospital will be given by name since this information will not be available). Moreover, the ‘Global Insights’ section contains the initial statistical information and a multi-series line chart that demonstrates the evolution of the RAMA scores through time. Statistical data refer to the top global-identified vulnerabilities and the analysis of the output of the HEIR Client’s modules. As part of the recommendations of the platform, the end user will be able to see two subcategories of the top 10 vulnerabilities: a) Top 10 Vulnerabilities by Frequency and b) Top 10 Vulnerabilities by Severity. Subsequently, the user can access more details by clicking on any of the vulnerabilities and then he will be redirected to Global Knowledge Databases such as Mitre. HEIR client’s metadata are displayed in groups, by highlighted numbers and different graphical representations, so as to enhance the end-user's situational awareness.
Figure 2. Observatory full page
2nd layer of visualizations provides an overview of the cybersecurity status within the HEIR ecosystem. Authorized researchers and the relevant audience will have the opportunity to explore knowledge gathered from HEIR Clients and identify common and critical vulnerabilities and exposures that threaten healthcare infrastructures. Furthermore, an authorized policymaker of a hospital or someone with similar data clearance is able to have access to every active policy that exists in the HEIR system, however, the hospital’s information will be anonymized. Those policies are written in REGO language, an example of which is depicted in the following figure. As far as different existing policies are concerned, the goal is for the policymakers to examine them and end up with recommendations.
Figure 3. Observatory Active Policies
Conclusion
The HEIR observatory is a web-based portal that provides an overall view of the hospitals’ security levels that is part of the Heir ecosystem. Key aspects of the observatory are the index of the Global Rama Score, the Top 10 vulnerabilities, and access to Active Policies. The aim is that those granted access to the Observatory, possibly policymakers or government operatives, could end up with useful recommendations, best practices, and upgrade suggestions in order to mitigate the problems and vulnerabilities identified by the HEIR system. Finally, Aegis IT Research Gbmh is responsible for the creation and continuous development of the 2nd Layer of Visualizations (Observatory). Aegis IT Research Gbmh contributed to the HEIR project with its own developed toolkit FVT (Forensics Visualization Toolkit).