The supply chain of a Living Lab: Modelling security, privacy, and vulnerability issues alongside with their impact and potential mitigation strategies

Worldwide, vulnerabilities and weak security strategies are exploited everyday by adversaries in healthcare organizations. Healthcare is targeted because these crimes are high-reward and low-risk. The attacks differ every time, from hacking medical devices, such as sensors, to stealing patients’ data from electronic health records databases. The effects of these attacks are both short and long term lived, depending on the incidence handling process that each sector is adopting. The Covid-19 pandemic has exposed, in full, that healthcare systems are vulnerable and vastly unprotected while representing a threat to global public health. An important part of the healthcare ecosystem, for the development and validation of innovative tools and methodologies, is the Living Labs which are community-based and adopt co-creation as their primary approach. Because of the many stakeholders involved in the processes of the Living Labs, cybersecurity ought to be in their center. Besides the proven great importance of the Living Labs as part of healthcare, there is no research on security and privacy issues around them. The main purpose of this paper is to explore the supply chain of a Living Lab and identify its security and privacy challenges alongside with its vulnerabilities. The SecTro tool has been used to provide a thorough analysis which follows the Privacy-by-Design approach. The originality and novelty of our work are shown from: (i) moving one step further from desk studies by including requirements from citizens and professionals; (ii) being integrated into an effort from various researchers to supply a holistic approach to Data Privacy Governance; (iii) the first time which a paper is considering and analysing the supply chain of the Living Labs.