Real life medical equipment and simulated public health services in healthcare cyber security exercises

The Healthcare Cyber Range project (HCCR) is getting ready for a pilot cyber security exercise in September 2021. The project is extending the Realistic Global Cyber Environment RGCE at JYVSECTEC to meet the training needs of healthcare actors. The healthcare cyber security exercises are not intended only for ICT experts, but for broader set of experts as well. Basic knowledge of cyber security and the effects of a possible cyber attack are important knowledge also for healthcare personnel. To enable the participation of doctors and nurses the project has invested in real life medical equipment to be used in the cyber security exercises. These include an acute care system made by Dräger with real-time vital signs and Dräger Evita V800 intensive care ventilation and respiratory monitoring, as well as Gaumard HAL S3201 advanced multipurpose patient simulator.

These physical devices integrated with virtual services form a plausible infrastructure for realistic cyber security exercises for healthcare actors. The virtual healthcare services of the cyber environment are currently being developed and pieced together. The environment contains simulated models of public services used in the Finnish healthcare sector. The modelled services include Kela’s (the Social Insurance Institution of Finland) patient data repository, prescription services,DVV (Digital and Population Data Services Agency) population information and identification systems. Also, for example pharmacy services, a population generator called Stork and several hospitals are represented. The hospitals contain simulated wards, patient monitoring, laboratory, and imaging services, some to mention.

The HCCR project creates a cyber-physical environment enabling realistic exercise scenarios with a wide range of cyber incidents taking patient safety into account. For example, what actions to take in case of a data leak? What if systems are attacked with a virus or ransomware? How to operate if the data transfer between different systems is interfered or broken? What actions are needed if the hospital´s essential medical devices are attacked?

For more information about the environment, pilot exercise and benefits of participating cyber security exercises watch the video from our YouTube (English subtitles available)

Further information

Elina Suni, Project Manager
p. +358 649 5054

Project partners: Hospital District of Helsinki and Uusimaa, Central Finland Health Care District, Päijät-Häme Joint Authority for Health and Wellbeing, Tampere University Hospital, Primary Health Care Business Establishment Saarikka, National Institute for Health and Welfare, Social Insurance Institution of Finland, TRAFICOM/ NCSC-FI, National Emergency Supply Agency, Huld Oy, DigiFinland Oy and Telia Finland Oy.