The third ASCLEPIOS Awareness workshop took place on June 11th 2021, as a fully online event. It was part of the awareness workshop series organised by ASCLEPIOS to raise the general awareness on the protection of healthcare information security and privacy.
What was featured?
This time special attention was given to the ASCLEPIOS project and its practical demonstrators, while it also featured some of the talks that enjoyed high popularity in the first two editions of the workshop (e.g. GDPR or Threat Modeling in healthcare). The ASCLEPIOS demonstrator partners from AMC and NSE presented the current status of their implementations as well as the added value for their organisations. UoW introduced ASCLEPIOS with a brief overview of the project’s scope and framework, ICCS zoomed in the design and implementation of the ASCLEPIOS ABAC and ABE mechanisms, while Secura led the GDPR and awareness-oriented talks of the workshop (see the full meeting agenda in the end of the blogpost).
Feedback and lessons learnt
The backgrounds of the 22 workshop attendees were diverse, coming from major medical devices and services development companies, security testing and evaluation companies, the healthcare domain, research and academia.
Their responses to the survey that was distributed at the end of the session, convey several interesting results – both regarding their perception of the ASCLEPIOS technological offerings but also their expectations and preferences from the content and structure of an awareness workshop.
Let’s look at some of the survey results:
- The main reason for attending the workshop was the general wish to learn more about state-of-the-art security in healthcare
- Two of the main takeaways noted by attendees, included general knowledge on the ASCLEPIOS architecture, as well as understanding the general privacy requirements linked to medical data
- The audience appreciated the technical talks, and would like to see more presentations of the same technical level
- The general opinion about the presented ASCLEPIOS infrastructure and demonstrators is positive, and several people rated the solution as “surely better” than other already existing solutions
What’s next?
Healthcare information security and privacy is a hot topic that needs to be understood and treated in a pro-active manner in order to minimize the risk and it all starts with individual awareness. |
Towards this end, we will organise another workshop, that will most probably be held towards the end of 2021. Stay tuned for the announcement and registration details!
9:30 | Virtual room open | ||||
10:00 | Welcome message and context of the workshop | Relevance and importance of the topic; Overview of the talks throughout the day | Tamas Kiss (UoW) Razvan Venter (Secura) | ||
10:30 | GDPR in healthcare environments | Importance of the regulation, explanation of the concepts and topics and applicability to healthcare data | Christiaan Hillen (Secura) | ||
11:00 | Working with medical data – Patient awareness | Threats and risks relevant to the medical data, while being processed. Best practices for secure processing of data. | Christiaan Hillen (Secura) | ||
11:30
| Threat modelling in healthcare context | Threat modelling on a state of the art medical data processing platform | Christiaan Hillen (Secura) | ||
12:00
| Working with medical data – Attacker perspective | Attacker perspective on healthcare environments, with a strong focus on social engineering | Christiaan Hillen (Secura) | ||
12:30 | Lunch break | ||||
13:30 | Context-aware access control in healthcare | A view on ABAC and ABE applied to the healthcare domain | Yiannis Verginadis (Athens Univesity of Economocs and Business & Institute of Communication and Computer Systems) | ||
14:00 | ASCLEPIOS in practice – Antibiotics prescriptions | Practical demonstrator designed by NSE | Kassaye Yitbarek Yigzaw (NSE) | ||
14:30 | ASCLEPIOS in practice – Acute Stroke Care | Practical demonstrator designed by Amsterdam UMC | Marcela Tuler (Amsterdam UMC) | ||
15:00 | End of workshop |