EU project SPHINX


The EU-funded project SPHINX is introducing a Universal Cybersecurity Toolkit, to enhance the cyber protection of healthcare IT networks and ensure privacy and integrity for patients’ data.


Using technologies like data mining and machine learning algorithms, SIMAVI is building software that detects known threats based on attack signatures. For the unknown threats, the team of developers from SIMAVI creates profiles of normal behaviour and searches for network traffic events that are considered anomalous because they do not fit the profiles.

A growing number of medical organizations are being targeted by cyber criminals, especially through data theft, denial of service and ransomware. This has brought the need for a holistic cybersecurity vulnerability assessment toolkit, that will be able to proactively assess and mitigate cybersecurity threats known or unknown.

SPHINX project has received funding from the European Union’s Horizon 2020 research and innovation programme to deliver an automated zero-touch device and service verification toolkit that will be easily adapted or embedded on existing, medical, clinical or health available infrastructures.

17 partners across Europe, including Universities, SMEs and Health Institutions participate in the project and Software Imagination and Vision (SIMAVI) – is one of them.

For SPHINX, SIMAVI is building three components of the SPHINX Toolkit:

  • Anomaly Detection (AD)
  • Data Traffic Monitoring (DTM)
  • Interactive Dashboards (ID)

The first two components are complementary. DTM is detecting known threats based on signatures, while AD is designed to detect unknown threats by creating profiles of normal behaviour and searching for network traffic events that are considered anomalous because they do not fit the profiles.

DTM monitors all the packets traversing the network and compares them against a database of attack signatures or attributes of known malicious threats.

AD analyses network activity and classifies it as either normal or anomalous. Instead of using signatures as a basis for classification, AD builds profiles for normal behaviours and uses data mining and machine learning algorithms in order to identify outliers that are reported as alerts.

AD and DTM are based on open source tools in order to obtain state – of – the art solutions easily adaptable and extendable based on the specific requirements of the clients.

The SPHINX Interactive Dashboards Component (ID) represents an important element in SPHINX System. It is the point of access in the SPHINX system and it centralizes the access to the front-ends of the SPHINX components.  Additionally, it facilitates the creation of forecasts and answers to business questions about the IT infrastructure.

More importantly, the ID component collects data from ten SPHINX components and it allows the other SPHINX components to present their data in interactive graphs. The end users are provided with the ability to interact with the data in a dynamic way, to create their own information processes and have great flexibility regarding the analysis of their security system. Different types of panels’ present data in an easy-to-access manner, in graphical, statistical, tabular and temporal formats, offering an intuitive visualisation of relevant cyber security information.

SPHINX’s proposed technology and business framework will be demonstrated and validated under real operating conditions, at three different countries including Romania. The Romanian Polaris Medical Clinic will apply the developed toolkit to identify critical risks and utilise as a powerful tool to mitigate possible cyber-attacks. Based on the activities from SPHINX, Polaris Medical will also be able to train its staff members in dealing with crisis situations and to extend their expertise.


The three components developed by SIMAVI were included in the European Commission Innovation Radar Platform, as Innovations funded by the EU commission that are in an early phase of technological readiness and address needs of existing markets.


Together with all other components that are composing the SPHINX Universal Cybersecurity Toolkit, they will contribute to:

  • Improvement of the security of Health and Care services, data and infrastructures. In the post-SPHINX era, citizens (patients, users) will get a comprehensible insight view of how cyber security works, what vulnerabilities may exist, and how to better manage cyber security threats.
  • Reducing the risk of data privacy breaches caused by cyberattacks. It will minimise the exposure to security risks/threats of health infrastructures (e.g. hospitals) and it will help patients to successfully respond to relevant incidents. SPHINX will increase the system availability during cyber-attacks and decrease the hours for system recovery after a successful cyber-attack, both for core operations and non-critical operations.
  • Increasing patient trust and safety. It will increase the health system availability during cyber-attacks, it will increase the IT infrastructure remaining under normal operation during cyber-attacks and, it will minimise the time for system recovery after a successful cyber-attack (due e.g. risk-prone human behaviour), after the initiation of the attack.

Consortium leader:

  • National Technical University Of Athens, Greece


  • Software Imagination & Vision, Romania 
  • Polaris Medical Clinica De Tratament Si Recuperare, Romania
  • Fint Future Intellingence Limited, Cyprus
  • Konnekt Able Technologies Limited, Ireland
  • Vilabs (Cy) Ltd, Cyprus
  • Aideas Ou, Estonia
  • Hellenic Mediterranean University, Greece
  • Projecto Desenvolvimento Manutenção Formação e Consultadoria, Portugal
  • Edgeneering Lda, Portugal
  • Tech Inspire Ltd, United Kingdom
  • Vrije Universiteit Brussel, Belgium
  •  Fundacion Tecnalia Research & Innovation, Spain
  •  Intracom Sa Telecom Solutions, Greece
  •  Imprensa Nacional - Casa Da Moeda, Portugal
  •  Hospital Do Espirito Santo De Evora Epe, Portugal
  • 5th Regional Health Authority of Thessaly and Sterea, Greece