Hospitals and care centres are prime targets of cyber criminals, especially concerning data theft, ransomware, man-in-the-middle and phishing. This reflects the Healthcare Sector’s need for a holistic cybersecurity vulnerability assessment toolkit, that will be able to proactively assess and mitigate cybersecurity threats known or unknown, imposed by devices and services within a corporate ecosystem.

The SPHINX project contributed to the impacts set out in the H2020 work programme ‘Toolkit for assessing and reducing cyber risks in hospitals and care centres to protect privacy/data/infrastructures’ through:

• improving the security of Health and Care services, data, and infrastructures. In the post-SPHINX era, healthcare ICT personnel can get a better insight into how cybersecurity works, what vulnerabilities may exist, and how to better manage cyber threats in their organisations.
• reducing the risk of data privacy breaches caused by cyberattacks. SPHINX toolkit reduces the exposure to security risks/threats of healthcare IT infrastructure, especially in hospitals. SPHINX’s tools increase the system availability during cyber-attacks and decrease the hours for system recovery after a successful cyber-attack, both for core operations and non-critical operations.
• increasing patient trust and safety. It provides better availability of IT systems, and available services to healthcare professionals and patients even during cyber-attacks and it reduces the time needed for systems’ recovery if an incident happens.

The SPHINX architecture has the capability to concentrate and handle data from a large number of devices and services, thus covering a wide range of use case scenarios. Its users are kept informed at all times via a multitude of dashboards and visual analytics, while being able to interact with the services and functions of the proposed solution in an intuitive and user-friendly way.

The technologies developed in SPHINX have been evaluated in simulated operating conditions in four Health Delivery Organisations across three European countries. The pilot sites were:

1. The General University Hospital of Larissa & the General Hospital of Volos under the jurisdiction of the 5th Regional Health Authority of Thessaly and Sterea in Greece;
2. The Hospital do Espírito Santo de Évora in Portugal;
3. The Polaris Medical Hospital in Romania.