SECANT Uses IOTA for IoT and Data Infrastructure in Europe’s Health Industry
The creation and sharing of data play a vital role in today’s health industry. Whether data generated by patients via wearable devices or by medical instruments, or data used to manage patient health and hospital performance, or data used in health research and health policymaking, data is the lifeblood of healthcare and health research.
It follows that the task of ensuring the security, privacy and integrity of this data is vital, especially data linked to patients’ medical records. Unfortunately, the health industry experiences more data breaches than any other sector (according to several different surveys around the world).
It’s hardly surprising. Unlike paper records, digital records are vulnerable to hacking, misuse and technical errors. These vulnerabilities have come under scrutiny during the Covid-19 pandemic following controversies about the various track and trace app-based systems implemented by governments around the world (and which have been described by academia as stress tests for privacy, the GDPR, and data protection regimes). And the vulnerability of health-related data isn’t just a privacy issue, either: it causes major financial damages, with one report estimating the average cost of data breaches in the healthcare industry worldwide in 2020 as 7.13 million US dollars.
As the creator of a feeless, frictionless and scalable distributed ledger technology (or ‘DLT’, the technological infrastructure and protocols that enables simultaneous access, validation and immutable record updating in a network spread across many entities or locations), the IOTA Foundation is uniquely placed to help create an infrastructure to securely control the authenticity and sharing of health-related data. So the Foundation is especially proud to have been awarded a grant of €535,000 to participate in SECANT (Security and Privacy Protection in Internet of Things devices), a European Commission-funded project that is part of the Horizon2020 research and innovation program and which will develop a state-of-the-art secure ledger infrastructure and a threat intelligence and mitigation platform in the field of e-health. With a total budget of over five million euros, SECANT had its official launch on 27 and 28 September 2021 and is scheduled to run until August 2024.
As the program’s sole provider of DLT, the IOTA Foundation is working with several of Europe’s leading healthcare and security organizations, including the Karolinska Institute (one of the world's foremost medical universities and Sweden's single largest center of medical academic research), Thales (the French multinational that designs and builds electrical systems and provides services for security aerospace, defense and transportation), Everis Spain (an NTT DATA Company dedicated to consulting and outsourcing), and CERT.RO (the Romanian national cyber security and incident response team).
An international collaboration
SECANT aims to support health organizations in the fight against advanced cyber threats by implementing (a) collaborative threat intelligence tools for collection, analysis and sharing of threats; (b) innovative risk analysis models specifically designed for interconnected nodes of an industrial ecosystem; (c) cutting-edge trust and accountability mechanisms for data protection and sharing (d) security awareness training for more informed security choices. Together, these measures will be a major contribution towards improving the resilience of organizations facing modern cyber-threats, significantly increasing privacy, data protection and accountability across Europe’s interconnected ICT ecosystem, and reducing the costs for security training in the European market. In the future, SECANT expects to expand its focus from the European market to worldwide.
SECANT is coordinated by NTT Data Spain and includes the following participating institutions and organizations alongside the IOTA Foundation: the i2CAT Foundation (Spain) and The TIC Salut Social Foundation (Spain); Karolinska Institutet (Sweden); CERTH (Greece), Axon Logic (Greece), INFOLYSIS (Greece), ADR (Greece); 8Bells (Cyprus), UBITECH (Cyprus), Bi2S (Cyprus), and Ianus Consulting (Cyprus); Thales (France); CLS – Cyberlens (The Netherlands); The University of Surrey (UK); Simavi (Romania), CERT-RO (Romania); Polaris (Romania); and Security Labs (Ireland).
The IOTA Foundation and the Trust and Accountability Module
The IOTA Foundation has been chosen to lead SECANT’s Work Package 4, pursuing the project objective of designing, implementing and deploying a DLT-based Trust and Accountability Module (TAM). TAM will enable SECANT stakeholders to secure the trust of patients and the security of medical devices and the healthcare supply chain when sharing health data and developing solutions. This Work Package and its tasks are scheduled to run from December 2021 to December 2023 and sees the IOTA Foundation as the lead beneficiary in a team composed of NTT Data, UBITECH, Axon Logic, the University of Surrey, SIMAVI, CERT-RO and i2CAT. The IOTA Foundation will also be involved in other project activities, including architecture specifications, integration and pilots, as well as the dissemination and exploitation of the results.
TAM uses the IOTA Identity Framework to register and verify decentralized device identities and records data transactions throughout different stakeholders within the pharma supply chains to ensure zero-error deliveries, adherence to standards and audibility. Securing the integrity and protection of patient health and medical device data with cutting-edge privacy-preserving and encryption technologies, as well as the secure inventory and certification of the medical devices, will be among the functionalities enabled by TAM and will help minimize the risks associated with the misuse of personal data in eHealth.
SECANT also aims to utilize infrastructure based on the immutability of the IOTA distributed ledger (known as the Tangle) and on IOTA Streams (an organizational tool for structuring and navigating secure data through the Tangle) to support TAM tools by recording immutable and auditable data transactions, tracking the delivery of goods and services and keeping a decentralized database of the status (such as security patches) of all Internet of Things devices participating in the industrial supply chain.
The figure below summarizes some of the expected use cases that TAM will tackle:
Trust, accountability and technology
The IOTA Foundation is committed to creating a sustainable infrastructure to provide secure data for individuals and organizations and collaborates with a diverse array of partners in academia, business and government to achieve this vision. At the heart of this vision are security, immutability and trust, and the grant awarded to the IOTA Foundation by SECANT confirms that it is well-placed to deliver trusted distributed ledger technology to the European health sector.
In assigning roles to the participating organizations, the SECANT Consortium singled out the IOTA Foundation for its expertise in trust, accountability and blockchain technology, as well as its experience in digital security, privacy by design, and personal data protection. Furthermore, the Foundation’s feeless, decentralized and energy-efficient technology ensures the scalability and sustainability necessary to support a European-wide data infrastructure.
On joining SECANT, Michele Nati, Head of Telco and Infrastructure Development, said: “With SECANT, the IOTA Foundation has the chance to expand the work started with ENSURESEC and continue to contribute to securing existing infrastructures that are key for the European Digital Single Market, in e-health as in e-commerce. We will continue to learn from real-world scenarios, develop ledger-based tools for our community, while increasing adoption with strategic partners. Learning and tools that we hope to contribute to the application layer of the European Blockchain Services Infrastructure (EBSI) architecture, to which IOTA Foundation is also contributing.”
To read more about SECANT, please visit the project's website.