The ENTRUST project aims to solve the problem of the lack of cybersecurity implementations in connected medical devices (CMDs) without limiting their applicability. Its trust management architecture holistically manages the CMD lifecycle, starting with formally verified design-time trust models and risk assessment processes, through to secure lifecycle procedures and real-time compliance certificates based on new runtime attestation mechanisms and distributed registries.
ULS, a local health unit in central Alentejo, Portugal, realizes both the potential of cybersecurity advances in data privacy and protection, as well as the danger of cyberthreats in the Healthcare ecosystem, given the multiple attacks on Health facilities across the world due to the increasing value of personal data.
In ENTRUST’s use case 3 - Digital assistance to improve the health and well-being of patients and carers, ULS is focused mainly on its scenario 1 – Smart Ambulance, as shown briefly in Figure 1. The transfer of patients in critical status to healthcare institutions where they can receive proper care is one of the most vital services offered by healthcare providers. Today’s connectivity promises to revolutionise time-constraint emergency medical services by utilising information to improve transportation safety and ensure zero-error patient delivery. Smart ambulances and aerial means of transportation host several connected medical devices to closely monitor the patient's status until their delivery to the hospital. Throughout the ambulance ride, the collected health-related information is uploaded to patient monitoring systems (PMS) services and analysed by doctors to provide guidance to the first responders. In the ambulance case, the attack vector is expanded considering the mobility of the devices and the need to connect to different cellular and wireless to transmit the necessary information to medical systems and cloud services. For instance, a malicious actor can impersonate a device carried by ambulance and feed inaccurate information to the hospital services, causing them to miscalculate the medical status of the victim, which is critical for ambulance service when trying to reach the emergency unit.
As such, ULS’ role will be to acquire and use existing CMDs in their infrastructure and simulate patient transport through the use of medical vehicles, with the goal of testing and validating patient data transfer protection between said vehicle and ULS emergency room. By understanding the underlying issues of the region, such as large distances between occurrences and the Hospital, we aim to capitalise on being part of this Consortium and its technological approach to cybersecurity by analysing pain points, possible issues and ways to mitigate data transfer weak spots, thus strengthening our own infrastructure in the process.