A realistic cyber security exercise environment for the digital healthcare domain
In JYVSECTEC´s cyber range physical devices integrated with virtual services form a plausible infrastructure for realistic cyber security exercises for healthcare actors. The environment is being built in Healthcare Cyber Range (HCCR) project. The project aims to secure continuity in patient safety and care by raising healthcare professionals’ awareness and knowledge on cyber threats and defense methods through realistic cyber security exercises. The project is implemented by JAMK´s Institute of Information Technology/ JYVSECTEC (project coordinator) in collaboration with JAMK´s School of Health and Social Studies and in co-operation with project partners. The project is funded by the European Regional Development Fund and project partners.
The Healthcare Cyber Range project (HCCR) is getting ready for a pilot cyber security exercise in September 2021. The project is extending the Realistic Global Cyber Environment RGCE at JYVSECTEC to meet the training needs of healthcare actors. The healthcare cyber security exercises are not intended only for ICT experts, but for broader set of experts as well. Basic knowledge of cyber security and the effects of a possible cyber attack are important knowledge also for healthcare personnel. To enable the participation of doctors and nurses the project has invested in real life medical equipment to be used in the cyber security exercises. These include an acute care system made by Dräger with real-time vital signs and Dräger Evita V800 intensive care ventilation and respiratory monitoring, as well as Gaumard HAL S3201 advanced multipurpose patient simulator.
These physical devices integrated with virtual services form a plausible infrastructure for realistic cyber security exercises for healthcare actors. The virtual healthcare services of the cyber environment are currently being developed and pieced together. The environment contains simulated models of public services used in the Finnish healthcare sector. The modelled services include Kela’s (the Social Insurance Institution of Finland) Kanta.fi patient data repository, prescription services, DVV (Digital and Population Data Services Agency) population information and identification systems. Also, for example pharmacy services, a population generator called Stork and several hospitals are represented. The hospitals contain simulated wards, patient monitoring, laboratory, and imaging services, some to mention.
The HCCR project creates a cyber-physical environment enabling realistic exercise scenarios with a wide range of cyber incidents taking patient safety into account. For example, what actions to take in case of a data leak? What if systems are attacked with a virus or ransomware? How to operate if the data transfer between different systems is interfered or broken? What actions are needed if the hospital´s essential medical devices are attacked?
For more information about the environment, pilot exercise and benefits of participating cyber security exercises watch the video from our YouTube (English subtitles available)
Elina Suni, Project Manager
p. +358 649 5054