The Hospital do Espírito Santo de Évora (HES), now called Unidade Local de Saúde do Alentejo Central (ULS), is involved in the AI4CYBER project as an end-user, providing infrastructure and support for the validation of the proposed technical solutions. 

Our use case, "Resilient hospital services against advanced and AI-powered cyber-physical attacks", will be composed of three different pilot scenarios, each involving advanced cyberattacks. The focus of the scenarios is on the ever-present threat of data breaches, given the sensitive health data stored on the hospital's servers.

In Scenario 1, ULS’s main goal is to prepare the infrastructure and to gather all the data, logs, and other important information necessary for our partners to test AI4CYBER components in a “real-world” environment: 

When a patient arrives at the hospital, their personal details are cross-checked with the Hospital Information System (HIS) and then passed on to the Electronic Health Record (EHR). In this system, healthcare professionals can access and update each patient’s medical information electronically, which can be viewed from any healthcare facility. 

A physician can, therefore, prescribe medication, request lab tests (Laboratory Information System – LIS), order radiology exams (Radiology Information System – RIS), and view the results and reports provided by specialists digitally. 

Since we can’t test this scenario in a real hospital setting, our plan is to capture all the data traffic generated by communication among the servers in our network and store it on SIEM (Security Information and Event Management) storage servers. After that, the stored data will be anonymised with a tool (Chimera) to remove any identifying information. Upon completion, ULS will provide this anonymised data to our technological developers so they can test their software tools effectively.

Scenario 2 complements this with a different approach. Instead of testing our network’s defences, we’re creating a controlled environment for testing cybersecurity tools.

ULS will set up a virtual environment within a dedicated VLAN (Virtual Local Area Network). This environment will be used by AI4CYBER technological partners to test their developed tools. 

To that end, we’ll create dedicated virtual servers. These servers can either mimic the most commonly used operating systems or be clones of servers used in Scenario 1. This ensures that the testing environment closely resembles real-world conditions. In this simulated environment, AI4CYBER’s tools will be tested against replicated systems from ULS. This allows us to demonstrate how these tools can provide valuable insights into the security of the real system.

The specific attack scenarios to be tested will be determined based on the requirements of the HES pilot project and any legal restrictions that apply. This ensures that the testing process is both comprehensive and compliant with regulations. 

In Scenario 3, ULS will use advanced technology to check how secure its EHR, LIS and RIS systems are. The hospital already has some security measures in place, like firewalls and access controls, and will now use AI-powered tools to do thorough testing. The goal is to find any weaknesses in these systems that could be exploited; once the weak spots are identified, appropriate controls will be put in place to protect patient data.

The key players in this scenario are ULS’s ICT team, the AI-powered testing tools, and potential attackers. The aim is to make sure patient information stays safe and secure from any ongoing cyber threats.

ULS’s goal with a 3-scenario approach is to: 

  • Improve security measures: Through Scenario 1, ULS can enhance its security measures by analysing and understanding potential vulnerabilities within its network. By capturing and anonymising data traffic, we can identify weak points and take proactive steps to mitigate cyber threats. 
  • Test cybersecurity tools: Scenario 2 allows ULS to test AI4CYBER tools in a controlled environment without risking disruption to its actual operations. This helps in evaluating and validating the effectiveness of these tools in detecting and responding to cyberattacks, ultimately strengthening the hospital’s overall cybersecurity posture. 
  • Enhance resilience: Both scenarios contribute to developing the hospital’s resilience against cyber threats. By identifying vulnerabilities and testing defence mechanisms, the hospital can better prepare itself to withstand potential attacks and minimize the impact on its operations and patient care.
  • Collaborate and share knowledge: Working with external partners, such as the AI4CYBER consortium, fosters knowledge sharing and expertise exchange. This collaboration enables ULS to leverage the latest advancements in cybersecurity technology and best practices, ultimately strengthening its defence against evolving cyber threats.

Overall, these scenarios empower ULS to proactively address cybersecurity challenges, safeguard patient data, and maintain the integrity and reliability of its healthcare services.

Figure 1 – General scenario 

Authors: Miguel Gaspar, Ricardo Cabecinha, Stylianos Karagiannis, Unidade Local de Saúde do Alentejo Central, Portugal.