PAGNI is the largest hospital facility in Crete and one of the largest public hospitals in the country, with 760 beds and more than 1900 employees. PAGNI currently uses an integrated information system called the OPSI platform. This is an eHealth IT infrastructure that links the hospital's medical care, the pharmacy, the patient flows and records.
The OPSI servers are located in the hospital's server room and run services such as authentication and authorization (e.g. Role Based Access Control), relational database management system (RDBMS) hosting, data storage and middleware for the communication of OPSI with external systems. The OPSI platform is an effective means for the smooth operation and easy management of the PAGNI IT system: PAGNI's personnel (i.e. doctors, nurses, administrative staff and the IT department) use the platform on a daily basis, and it offers numerous services. Regarding OPSI's security, the following features have already been implemented: a Role Based Access Control system, daily backup of OPSI's data, software maintenance, and network security practices such as VPNs, firewalls etc. However, despite the implemented cyber infrastructure, the OPSI platform currently faces several cybersecurity and data privacy issues, such as malware (including ransomware) and phishing attempts, internal users having access to patient files, external attackers/hackers, mechanical failures etc., and problems with third-party vendors (e.g. problems with the database administrator or cloud provider). These result in several serious system failures, such as (a) loss of confidentiality (e.g. in the electronic health records), (b) loss of availability (e.g. the web interfaces of the OPSI system) and (c) loss of integrity (e.g. clinical records) and so on.
HEIR will enhance the OPSI platform with respect to its data privacy and cybersecurity by measuring and evaluating the overall security status of the hospital IT system. In particular, the operation of the OPSI platform will be strengthened through the provision of the HEIR vulnerability analysis module, SIEM monitoring tools and forensics analysis, advanced visualisation tools and the RAMA calculator. Furthermore, the consortium will install the Blockchain service components and work with the PAGNI team to define the use cases and procedures that are necessary to maintain the distributed health services.