A privacy-by-design approach to model the supply chain of a Living Lab: Conceptual issues of privacy, security, and associated vulnerabilities

Healthcare organizations are attacked daily by malicious hackers who expose the weak security strategies and vulnerabilities of the entities. Attacks to such organisations, are considered a low-risk and high-reward crimes. Breaches in security and privacy usually refer to cyberattacks, when a set of information is hacked, stolen, corrupted or transferred by unauthorized individuals. Meanwhile, the attacks may differ on every occasion from stealing health records, patients’ data or hack medical devices, such as insulin pumps and pacemakers. Depending on the incidence handling process that each healthcare organization is adopting, the effects of these attacks may be direct, such as patients’ death, or indirect, such as hurting the reputation of the organization, while short and long-term living. The pandemic of Covid-19 has fully revealed how unprotected and vulnerable the healthcare systems are. The Living Labs are an asset within the healthcare ecosystems, in which innovative methodologies and tools are developed and validated. A Living Lab adopts the approach of co-creation, is community-based, and involves various stakeholders, which makes it a necessity to consider cybersecurity. However, there is a lack of research on security and privacy issues related to the Living Labs. The overarching aim of our work is to identify the supply chain of a Living Lab and explore the privacy and security issues with the associated vulnerabilities. The adopted methodology and analysis were via the privacy-by-design tool ‘Secure-Tropos’. The novelty and originality of this piece of work lie in 1) considering the requirements of health and cyber professionals and citizens, 2) adding value to creating a homogenous approach to Data Privacy Governance, 3) identifying and analysing, for the first time in the literature, the supply chain of a Living Lab. The supply chain holistic modelling which has derived, creates space to instigate mitigation strategies for privacy and security risks. The production of this information flow helps professional bodies and organizations to avoid wrongful practices, increase awareness and communicate their needs. The findings of this study have further produced a set of practical awareness mitigation strategies, associated with security and privacy within a Living Lab setting.