Read this article in Catalan
Cyberattacks committed by malicious programs have multiplied by 2.5 in 2022. The interruption – even temporary – of electronic systems in healthcare centers, such as the management of appointments or access to medical records in electronic format , has consequences for medical care. And they can paralyze entire systems for days, putting patients’ health at risk.
It is not only about guaranteeing healthcare, but also avoiding data leaks or manipulations. Medical records contain highly sensitive information such as medical histories, diagnoses or test results. Guaranteeing the integrity and availability of computer and communication systems in healthcare environments thus becomes of great importance, since the care of the entire population depends directly on their correct functioning.
“Providing appropriate cybersecurity tools to health centers is crucial and should be a priority for all administrations involved, both at the national and regional levels,” explains Òscar Esparza, coordinator of the new Chair. This is the approach from which the new CARISMATICA Chair is based, which the National Institute of Cybersecurity (INCIBE) has awarded to the Universitat Politècnica de Catalunya – BarcelonaTech (UPC) within the framework of the Cybersecurity Chairs program in Spain, within the Global Program of Security Innovation. The chair, which will be coordinated by the research group Information Security Group – Mathematics Applied to Cryptography (ISG-MAK) of the UPC, made up of researchers from the Departments of Telematics Engineering and Mathematics, was created with a fourfold objective: to raise awareness, educate , innovate and collaborate in the field of cybersecurity in the healthcare field.
Raise awareness and educate on cybersecurity
One of the purposes of the Chair will be to inform all agents involved in the health supply chain (patients, healthcare personnel, administrative staff, supplier companies, etc.) about the importance of cybersecurity, the possible threats and the repercussions of an attack.
Knowledge and resources will also be provided so that all these actors adopt good practices in cybersecurity. To do this, content will be generated to improve the culture of cybersecurity, adapted to different audiences. In the same way that the health sector promoted minimum hygienic health measures during the pandemic (mask, social distance, hand hygiene), the Charismatic Chair aims to educate the population to follow minimum safety measures that allow increasing the level of data protection and medical infrastructure.
“There will also be an impact on future cybersecurity professionals, proposing new subjects in the UPC study plans or the design of continuing training programs,” details Miquel Soriano, vice-rector of PDI Policy and researcher of the research group. ISG-MAK. The participation of prestigious professors in this field in the UPC study plans, a travel fund for doctoral students or prizes for the best end-of-study projects or doctoral theses in cybersecurity will also be promoted.
Research and innovation, key axes of the initiative
Within the framework of the CARISMATICA Chair, innovative techniques will also be developed to ensure the provision of healthcare services, the protection of confidential information and the integrity of critical systems and infrastructures. Along these lines, “two lines of research will be opened from the Chair: a first focused on blockchain technology and zero knowledge proofs (ZKP), as key tools to guarantee security in the sharing of health data, and a second focused on reinforcing the traceable exchange of medical data, key to guaranteeing the privacy and security of patient information,” adds Carla Brugulat, project manager.
Through the Chair, the incorporation of cybersecurity as an integral part of the internal organization of the health system will also be encouraged, promoting shared responsibility and the active participation of all agents—health professionals, system administrators and service providers. ICT—to share knowledge, resources and good practices in cybersecurity.
The activities of the Chair began this January, with the launch of the project, and will end on December 31, 2025. It is expected that the Cybersecurity Agency of Catalonia (ACC), the i2CAT Foundation, the TecnoCampus of Mataró and the Delft University of Technology (TU Delft).
The project has a budget of 1.26 million euros, of which INCIBE contributes 74% and is carried out within the framework of the Recovery, Transformation and Resilience Plan funds, financed by the European Union (Next Generation ), the Spanish Government project that outlines the route for the modernization of the Spanish economy, the recovery of economic growth and job creation, for the solid, inclusive and resilient economic reconstruction after the COVID-19 crisis, and for respond to the challenges of the next decade.
