This is a scenario showcasing model-based generation and delivery of training tailored to healthcare organizations of different sizes. This scenario will radically move away from current compliance-driven and technology-driven training programs, which are designed with the suppliers’ interests and capabilities in mind. Instead, it will develop on threat-focused models, prioritizing the threats relevant to the specific organization’s size, IT infrastructure and competence level. This way, the THREAT-ARREST model-based design technique will support customization of cyber-security training for the healthcare domain, focusing only on what is actually relevant for each specific healthcare user. The Healthcare Cyber-Security Training scenario includes the following stages:
(1) Set up of a features/threats matrix for healthcare organizations,
(2) Identification and prioritization of organization-specific threats,
(3) Design of THREAT-ARREST models for high priority threats,
(4) Generation and delivery of model-based simulations and training in selected ealthcare institutions.
In the end, this pilot will:
(a) provide actionable information on cyber-security threats/proper responses and on medical device vulnerabilities,
(b) establish an operational framework for alleviating healthcare data breaches,
(c) spread best practices in public health, safety science and cyber-physical systems security to address the challenges associated with healthcare cyber-security risks and
(d) develop a training framework to assess patient safety and public health risks associated with cybersecurity vulnerabilities and mitigate the risks.