Information Security

From NCPeH CY

Information Security Domain

IS. 4 Does the NCPeH have a comprehensive list with the identified, applicable and implemented security controls in place (guidance: a similar list is defined in ISO27001:2013 as the "Statement of Applicability") required by CBeHIS to operate an NCPeH?

Response

Yes. Please refer to:

  • Annex IS 1 Information Security Policy and Procedures
  • TE 1 NCPeH CY Technical deliverable Part B CY NCPeH Information security Framework

IS. 2 How does the NCPeH implement and ensure adherence to the security measures set out in the eHDSI Security Policies (Section I – Security Policies) and the Organisational Framework for eHealth National Contact Points?

Response

The NCPeH system fulfils the eHDSI Security Policy requirements. For more info please refer to:

  • TE 1 NCPeH CY Technical deliverable Part B, Section B.11. eHDSI Security Policies.

IS. 3 Has the NCPeH performed a business impact and risk assessment on which controls to implement for ensuring that the required security policies are fulfilled (including data confidentiality, integrity, authenticity, availability) and on which controls it has excluded or not implemented along with the appropriate justification and risk acceptance for such exclusions by the accountable entities?

Response

A business impact and risk assessment has been performed and the necessary controls have been implemented to ensure that the required security policies are fulfilled. For more info please refer to:

  • Annex OP 10 Business Impact NCPeH CY
  • Annex IS 1 Information Security Policy and Procedures

IS. 5 Are the data flows in the Cross Border eHealth Information System network (CBeHIS), including national and cross-border data flows, documented?

Response

Yes. Data flows are documented. For more info please refer to:

  • Annex TE 1 NCPeH CY Technical deliverable, Part A, Section A5.

IS. 6 Does the NCPeH ensure that no cross-border data are transmitted via their services to an entity that either does not belong to or is not allowed within the CBeHIS network?

Response

The following configurations and setups are in place to ensure that no cross-border data are transmitted via its services to an entity that either does not belong to or is not allowed within the CBeHIS network.

Physical Environment: Server areas are physically protected from unauthorized access and are additionally protected with a security alarm. The areas inside the governmental network are protected with physical access control and are aligned with physical security standards and guidelines. For more info please refer to:

  • Annex TE 1 NCPeH CY Technical deliverable, Part B, Section B.10 Physical and Environmental Security Policy

Physical Layer Configuration and Setup: NCPeH is deployed on physical servers that host ONLY NCPeH software.

Network Layer Configuration and Setup: All cross-border connections are implemented in the TESTAng network. NCP A is visible to, and accepts connections only from, the NCP B of another member state; NCP B connects only to the NCP A of other member states. NCP A and NCP B are hosted in an isolated network (VLAN) and are not accessible from other services and servers in the government network. For more info please refer to:

  • Annex TE 1 NCPeH CY Technical deliverable, Part A, Section A.3 Zone Description.

Application Layer Configuration and Setup (National Site): All data connections are established via SSL communication channels over HTTPS. The National Portal is protected via a mutual authentication mechanism in the public zone:

  • Two-way SSL. For more info please refer to TE 1 NCPeH CY Technical deliverable – Part A, Section A4.a.ii
  • National Gateway Authentication. For more info please refer to TE 1 NCPeH CY Technical deliverable – Part A, Section A4.a.ii
  • End users (doctors) have access only to their own patients, according to the consent the patient has signed.
  • All end-user transactions and activities are audited.
  • Patient Search (acting as country A) is based on multiple criteria (at least ID and date of birth are needed).

For more info please refer to:

  • Annex TE 1 NCPeH CY Technical deliverable, Sections A4 and A5.

Application Layer Configuration and Setup (International Site): There is a two-way SSL secure communication. For more information please refer to:

  • Annex TE 1 NCPeH CY Technical deliverable – Part A, Section A4.f.vi

Point-to-Point Architecture: Firewall settings and configuration do not allow information exchange with any entity that is not specified by the security rules. For more information please refer to:

  • Annex TE 1 NCPeH CY Technical deliverable, Section A3.

IS. 7 Has the NCPeH established an appropriate system of collecting, analysing, storing and retaining audit trails and logs?

Response

Yes. The NCPeH CY has established an appropriate system for collecting, analyzing, storing and retaining audit trails and logs.

National Site: Audit Log Service. For more info please refer to:

  • Annex TE 1 NCPeH CY Technical deliverable – Part A, Section A4.d.2.

Audit Log Monitoring Tool. For more info please refer to:

  • Annex TE 1 NCPeH CY Technical deliverable – Part A, Section A4.d.1.

International Site: OpenNCP ATNA audit trail logs. For more info please refer to:

  • Annex TE 1 NCPeH CY Technical deliverable – Part A, Section A4.f.vii.1

Analysis service for unusual activity detection. For more info please refer to:

  • Annex TE 1 NCPeH CY Technical deliverable – Part A, Section A4.f.vii.3.

Infrastructure monitoring: Zabbix Open-source monitoring tool. For more info please refer to:

  • Annex OP 3 Zabbix Open-source monitoring tool.

IS. 8 Does the NCPeH have policies and procedures in place which set out how information security incidents should be managed (reporting, registration, analysis, resolution and escalation) including security incidents affecting other NCPeHs?

Response

Yes. For more info about information security incident management please refer to Annex OP 1 Service Operation Plan, section 4.4 Incident and Problem Management. Additionally, we have deployed a security incident ticketing system (for more info please refer to Annex OP 9 Service Desk Monitoring Tool).

IS. 10 Does the NCPeH establish a secure connection with other NCPeHs? (e.g. TLS certificates, eSeal assertions, TESTA vpn)

Response

The following setups, configurations and deployment strategies are in place to ensure a secure connection with other NCPeHs.

Network Layer: TESTAng connectivity (point-to-point connectivity). For more info please refer to:

  • Annex TE 1 NCPeH CY Technical deliverable – Part A, Section A3.b

NCP A services are deployed in isolated networks (VLANs). For more info please refer to:

  • Annex TE 1 NCPeH CY Technical deliverable – Part A, Section A3

Application Layer: OpenNCP 2-way SSL communication. For more info please refer to:

  • Annex TE 1 NCPeH CY Technical deliverable – Part A, Section A4.f

SMP central configuration services. For more info please refer to:

  • Annex TE 1 NCPeH CY Technical deliverable – Part A, Appendix AV "SMP and Certificates", sub-section a.

T. 4 Are the pre-Production and Production environments made available through TESTAng?

Response

The production and testing environments are available through the TESTAng environment.

T. 6 What are the mechanisms in place for managing the certificates life-cycle?

Response

There is an automatic procedure for certificates updates. For more info please refer to:

  • Annex TE 1 NCPeH CY Technical deliverable – Part A, Appendix AV.b

IS. 11 Has the NCPeH defined service/business continuity requirements and are these documented in a Business Continuity Plan?

Response

NCPeH has defined service/business continuity requirements and these are documented in the Business Continuity Plan, which is based on the MOH HIS plan. For more info please refer to:

  • Annex OP 7 Business Continuity Procedures NCPeH CY.

IS. 12 Has the NCPeH a Disaster Recovery Plan in place for the NCPeH Technical Gateway and other critical services and resources?

Response

There is no disaster recovery plan in place but only a backup policy. For more info please refer to:

  • Annex TE 1 NCPeH CY Technical deliverable – Part B, B13. Backup

IS. 13 Are the physical areas between the processing facilities and staff operating the eHealth system defined and documented (e.g. under Asset Management, Procedures or elsewhere)?

- If yes, explain how.
- If exceptions, please explain if you have performed a business impact and risk assessment and the communication of any impacts and risks to the appointed responsible entities.
- If no, please explain why not.

Response

Yes. For more info please refer to:

  • Annex TE 1 NCPeH CY Technical deliverable – Part B, Section B2. Asset Management Policies
  • Annex IS 1 Information Security Policies and Procedures

IS. 14 Is the NCPeH operations environment, including networks, adequately segregated from other environments not belonging to the CBeHIS operations environment?

Response

The following setup and configurations are in place to enforce segregation from other environments not belonging to CBeHIS.

Physical Layer: NCPeH CY is deployed on 4 dedicated physical servers.

Logical Layer: NCPeH CY zones are deployed in different VLANs based on a 3-tier software architecture. For more info please refer to:

  • Annex TE 1 NCP CY Technical deliverable – Part A, Sections A2.a and A3.a.

All zones are protected via firewall rules and are isolated from other services and servers. For more info please refer to:

  • Annex TE 1 NCP CY Technical deliverable – Part A, Sections A3.

IS. 15 Are the NCPeH facilities where staff operate the NCPeH adequately protected and controlled including safeguards for facilities with sensitive assets?

Response

Yes. The NCPeH equipment is installed at Ammochostos General Hospital. The building premises where the staff operate the eHealth system are controlled by private security, police officers and CCTV. For more info about environmental security management and asset security management policies please refer to:

  • Annex TE 1 NCP CY Technical deliverable – Part B. B2 Security Policies, B3 Asset Classification Policy, B4 Access Control Policy, B9 Human Resource Policy and B10 Physical and Environmental Security Policy.

IS. 20 Has the NCPeH documented policies that define how personally identifiable information is safeguarded?

Response

NCPeH has documented and implemented policies on physical security, application access, secure destruction, accessibility and asset identification that relate to safeguarding personally identifiable information. For more info please refer to Annex TE 1 NCP CY Technical deliverable – Part B. Additionally, the following technological artifacts have been developed to safeguard personal identification: authenticated and authorized entrance to the system. Only doctors have access to medical data, and additionally they have access only to the patients they are connected with, i.e. patients from whom they have consent. For more info please refer to:

  • TE 1 NCP CY Technical deliverable Part A, A4 a.

All personally identifiable data (date of birth and patient ID) are encrypted with the AES encryption algorithm. For more info please refer to:

  • TE 1 NCP CY Technical deliverable Part A, Section A3.a.vi

No demographics are stored in the system, but they are retrieved from the national health information system (MEDICO) on demand. For more info please refer to:

  • TE 1 NCP CY Technical deliverable, Section A3.a.viii.

All transactions are logged and stored to the system. For more information, please refer to:

  • TE 1 NCP CY Technical deliverable Part A, A4.d.

IS. 22 [NCPeH-B] Has the NCPeH a mechanism in place to ensure foreign patients' identity validation and to appropriately safeguard their private information?

Response

Foreign patient identity validation is based on the response of the foreign country's NCP A to the IHE XCPD query. Patient validation is performed manually by the healthcare professional according to the response of NCP A and the official documentation provided by the patient. No private information of foreign patients is stored in the NCPeH CY system except for the audit logs.

IS. 23 [NCPeH-A] How does the NCPeH ensure the integrity (non-repudiation) of the relation between the Citizen's ID and their Health Data.

Response

Cypriots have a unique identification number (ID number). The unique identifier of a patient data set in the NCPeH CY system is a unique AES-encrypted string of the ID and date of birth. Health data stored in the NCPeH CY are stored and retrieved based on this unique encrypted string for each patient. Relational database constraints are in place to ensure that the AES-encrypted strings of ID and date of birth are unique. For more info please refer to:

  • Annex TE 1 NCP CY Technical deliverable – Part A, Sections A3.a.vii and A3.a.viii.
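The mechanism described above (a deterministic AES-encrypted pseudonym of ID and date of birth used as the unique patient key, with a relational uniqueness constraint on it) only works if encrypting the same ID and date of birth always yields the same string. The following Go program is an added illustration of that property and is not code from the NCPeH CY deliverable. It assumes a synthetic-IV construction (AES-256-GCM with the nonce derived from the plaintext by HMAC-SHA256 under a separate key), uses constructed keys and sample values, and models the database's UNIQUE constraint with the hypothetical `PatientIndex` type. A random-nonce mode would produce a different string on every call, so equality lookups and the uniqueness constraint would never match.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Keys holds the two secrets the scheme needs. Constructed for this example;
// a deployment would load them from a key store, never from source code.
type Keys struct {
	EncKey   []byte // 32 bytes -> AES-256-GCM
	NonceKey []byte // separate HMAC key for deriving the deterministic nonce
}

// ExampleKeys returns fixed, obviously non-secret keys so the example runs offline.
func ExampleKeys() Keys {
	return Keys{
		EncKey:   []byte("example-aes-256-key-32-bytes-!!!"), // 32 bytes
		NonceKey: []byte("example-nonce-derivation-key-32b"), // 32 bytes
	}
}

// canonical joins the identifiers in a fixed form so that stray whitespace in
// the input does not produce a second token for the same patient.
func canonical(id, dob string) string {
	return strings.TrimSpace(id) + "|" + strings.TrimSpace(dob)
}

// PseudonymToken returns the AES-GCM ciphertext of "ID|DOB", base64-encoded for
// storage. The nonce is HMAC-SHA256(NonceKey, plaintext) truncated to 12 bytes,
// so equal inputs always give equal tokens; that determinism is what allows a
// UNIQUE constraint on the token column to reject a second row for one patient.
func PseudonymToken(k Keys, id, dob string) (string, error) {
	if strings.TrimSpace(id) == "" || strings.TrimSpace(dob) == "" {
		return "", errors.New("id and date of birth are both required")
	}
	block, err := aes.NewCipher(k.EncKey)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	plain := []byte(canonical(id, dob))
	mac := hmac.New(sha256.New, k.NonceKey)
	mac.Write(plain)
	nonce := mac.Sum(nil)[:gcm.NonceSize()]
	ct := gcm.Seal(nil, nonce, plain, nil)
	out := make([]byte, 0, len(nonce)+len(ct))
	out = append(out, nonce...)
	out = append(out, ct...)
	return base64.RawURLEncoding.EncodeToString(out), nil
}

// OpenToken reverses PseudonymToken. Besides the GCM tag check it re-derives the
// nonce from the recovered plaintext, so a token built with an arbitrary nonce is
// rejected as well.
func OpenToken(k Keys, token string) (id, dob string, err error) {
	raw, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil {
		return "", "", err
	}
	block, err := aes.NewCipher(k.EncKey)
	if err != nil {
		return "", "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", "", err
	}
	ns := gcm.NonceSize()
	if len(raw) < ns+gcm.Overhead() {
		return "", "", errors.New("token too short")
	}
	nonce, ct := raw[:ns], raw[ns:]
	plain, err := gcm.Open(nil, nonce, ct, nil)
	if err != nil {
		return "", "", err
	}
	mac := hmac.New(sha256.New, k.NonceKey)
	mac.Write(plain)
	if !hmac.Equal(nonce, mac.Sum(nil)[:ns]) {
		return "", "", errors.New("nonce was not derived from the plaintext")
	}
	parts := strings.SplitN(string(plain), "|", 2)
	if len(parts) != 2 {
		return "", "", errors.New("malformed plaintext")
	}
	return parts[0], parts[1], nil
}

// ErrDuplicatePatient stands in for the database's UNIQUE-constraint violation.
var ErrDuplicatePatient = errors.New("patient token already present")

// PatientIndex is a hypothetical stand-in for the token column with its UNIQUE
// constraint; in the real system the relational database enforces this.
type PatientIndex struct{ rows map[string]string }

func NewPatientIndex() *PatientIndex { return &PatientIndex{rows: map[string]string{}} }

// Insert stores a health-data reference under a token, refusing a second row
// for the same token.
func (p *PatientIndex) Insert(token, dataRef string) error {
	if _, exists := p.rows[token]; exists {
		return ErrDuplicatePatient
	}
	p.rows[token] = dataRef
	return nil
}

func main() {
	k := ExampleKeys()
	idx := NewPatientIndex()
	t1, _ := PseudonymToken(k, "123456", "1980-01-31")  // constructed sample patient
	t2, _ := PseudonymToken(k, " 123456", "1980-01-31") // same patient, stray space
	fmt.Println("same token for same patient:", t1 == t2)
	fmt.Println("first insert:", idx.Insert(t1, "record-001"))
	fmt.Println("second insert:", idx.Insert(t2, "record-002"))
	id, dob, err := OpenToken(k, t1)
	fmt.Println("recovered:", id, dob, err)
}
```

The two keys are deliberately separate: the nonce-derivation key must not be the AES key, because the HMAC output is stored in clear as the first 12 bytes of every token.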

IS. 24 What are the control measures put in place by the NCPeH to ensure: that all users are assigned only the necessary rights for performing their specific duties on the systems and services; and that these rights are revised and revoked when necessary?

Response

There is a virtual server that hosts the Microsoft Active Directory used to manage users' privileges and access levels. Only active users are authorized to access NCPeH CY, according to their role and their duties. Revocation and revision of rights can easily be performed to ensure that all users have the correct access rights. For more info please refer to:

  • Annex TE 1 NCP CY Technical deliverable – Part A, Section A4.

IS. 25 Has the NCPeH defined the various roles and responsibilities related to Information Security Management that are necessary to operate the NCPeH?

Response

Yes. NCPeH CY has defined roles and responsibilities according to Information Security Management policies. For more information please refer to:

  • Annex OP 2 Operation and Organizational Structure, Section 7.

IS. 26 Are the different roles and responsibilities of Information Security Management segregated within the NCPeH? (e.g. Administrators, Incident Response Teams, Testing, Operators)

Response

Yes. NCPeH CY has defined roles and responsibilities according to Information Security Management policies. For more information please refer to:

  • Annex OP 2 Operation and Organizational Structure, Section 7.

IS. 27 [NCPeH-B] Is the NCPeH connected with your country Health Professionals Identity Provider?

Response

All healthcare professionals are authenticated and authorized via the NCPeH Active Directory. The Health Professional Identity Provider will be integrated with the NCPeH system only for validation purposes during the registration of healthcare professionals in the NCPeH Active Directory. For more info please refer to:

  • Annex TE 1 NCP CY Technical deliverable Part A, Sections A3.a.iv and A4.a.

IS. 28. When information is sent from one country to another, it must be assured that the information has been received with the appropriate integrity by the end user (NCPeH of country B). (note: this requirement is applicable under Information Security Domain in the area "Integrity" not in the area "Availability". It is not requested to ensure that the message is transmitted, but if transmitted it must have evidence of integrity)

Response

We follow the NCPeH data confidentiality and data integrity procedures. CEF eHDSI OpenNCP ensures that the exchanges between the nodes are based on a trust model supporting X.509 certificates. For more info regarding X.509 certificates please refer to:

  • Annex TE 1 NCP CY Technical deliverable – Part A, Section A4.f.vi and Appendix AV.b
  • Annex TE 1 NCP CY Technical deliverable – Part A, Section A4.f.vi.2

IS. 29 What controls does the NCPeH implement to ensure the security (confidentiality, integrity, availability, non-repudiation, authenticity and auditability) of data processed?

Response

NCPeH has implemented all the necessary security services for confidentiality, integrity, availability, non-repudiation, authenticity and auditability. For more info please refer to:

  • Annex TE 1 NCP CY Technical deliverable Part A7.

IS. 31 Does the NCPeH ensure that all systems and application activities are appropriately logged and monitored, and are appropriately safeguarded and reviewed in order to check for unauthorised access and modifications?

Response

Yes. We collect and record all activities of every single user in a different database dedicated for user activity logging. For more info please refer to:

  • Annex TE 1 NCP CY Technical deliverable Part A.

Additionally, the web servers (Apache and Tomcat) keep logs of their operations and requests.



End of Information Security Domain