ASL Roma 1 CISO Stefano Scaramuzzino and Deloitte analyst Fabio Battelli write about how Italy's largest public healthcare system's HOPE initiative adds automated intelligence to its cybersecurity governance program.
Healthcare
Cyber Resilience
Vulnerability Management
Risk Management

HOPE: Intelligent Governance Transforming Healthcare Cybersecurity at ASL Roma 1

Stefano Scaramuzzino and Fabio Battelli
Oct 28, 2025

Following its pioneering HyperSOC initiative, ASL Roma 1 is moving beyond prevention and prediction into a new frontier with HOPE, its Healthcare Operational Protection & Excellence program. 

HOPE reimagines cybersecurity not as a defensive function, but as a living cognitive system that learns, correlates, and reasons across every layer of the healthcare ecosystem. It marks the birth of a new discipline for digital public health: operational intelligence for healthcare governance.

Here are the steps we envision for this journey:

1. From Prediction to Understanding

ASL Roma 1's journey from visibility to cognition began with HyperSOC, which unified data and events. HOPE advances this concept by unifying meaning, merging logs, vulnerabilities, compliance evidence, and AI-driven metrics into a shared operational consciousness.

Its microservice framework—SecurityView, SecurityKPI, LOGGIT/LOGAN, and HOPE Agents—creates a continuous feedback loop between data collection, risk scoring, and executive decision-making. The system no longer simply detects or forecasts anomalies; it interprets organizational behavior, uncovering weak signals and structural dependencies between technology, process, and compliance.

Let’s look at each of the microservices within the HOPE framework, each responsible for a specific function in the ecosystem: 

  • SecurityView: A real-time monitoring and operational analytics engine, aggregating data from IT, OT, and IoMT systems into a unified operational dashboard.

  • SecurityKPI: Converts data into key performance and risk indicators (KPI/KRI) for continuous cybersecurity and compliance measurement.

  • LOGGIT/LOGAN: A log management and event correlation platform, serving as a central data lake for security and operational logs from network, clinical, and IT systems.

  • HOPE Agents: AI-powered software agents that analyze data streams to detect anomalies, generate predictive alerts, and suggest automated remediation.

In effect, HOPE transforms the healthcare network into a thinking organism, capable of perceiving its own digital health.

2. Turning Regulation into Code

Traditional cybersecurity frameworks often stop at compliance. HOPE goes further, transforming regulatory requirements into machine-readable governance logic.

Its architecture embeds NIS2, GDPR, ISO/IEC 27001, ISO/IEC 42001 (AI Governance), Law 90/2024, and Decree 138/2024, translating them into digital control points and real-time evidence. Each alert, audit, or corrective action becomes a verifiable act of accountability.

Through its Digital Conformity Registry, HOPE generates immutable, timestamped records linking technical events to legal obligations – effectively making "the law executable." This positions ASL Roma 1 among the first European health organizations to operationalize AI accountability and explainability within public-sector cybersecurity.

The Digital Conformity Registry is a proprietary software module embedded within the HOPE framework. It acts as a dynamic digital compliance registry, continuously mapping cybersecurity and data-protection controls to the organization’s real-world systems in accordance with Italian and EU legislation, including:

  • Italian Law 90/2024, implementing the EU NIS2 Directive on essential service cybersecurity and governance;

  • Italian Law 138/2024, which strengthens cyber and data protection measures in public healthcare;

  • EU Regulation 2016/679 (GDPR), Articles 32 and 35, on security of processing and impact assessment;

  • ISO/IEC 27001:2022, the international standard for information security management systems.

In essence, it automatically links technical and operational evidence (logs, vulnerabilities, incidents, audits) to the relevant compliance controls, enabling traceable, measurable, and continuously auditable conformity. It also operates in line with the guidelines of Italy’s National Cybersecurity Agency (ACN) and AGID (Agency for Digital Italy).
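One way to build the kind of record described above, as an added illustration that is not ASL Roma 1's or the HOPE project's code: a SHA-256 hash chain stands in for whatever immutability mechanism the Digital Conformity Registry actually uses, and the evidence types, the control mapping and the sample events are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first record

# Constructed mapping: evidence type -> obligations named in the article.
CONTROL_MAP = {
    "vulnerability": ["GDPR Art. 32", "ISO/IEC 27001:2022"],
    "incident": ["GDPR Art. 32", "Law 90/2024"],
    "audit": ["GDPR Art. 35", "ISO/IEC 27001:2022"],
}

def _digest(body):
    # Canonical JSON so identical content always yields the same hash.
    raw = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()

def append_record(chain, evidence_type, detail, timestamp):
    """Append evidence, tagged with its obligations and chained to the previous hash."""
    body = {
        "seq": len(chain),
        "timestamp": timestamp,
        "evidence_type": evidence_type,
        "detail": detail,
        "controls": list(CONTROL_MAP[evidence_type]),  # unmapped evidence raises KeyError
        "prev_hash": chain[-1]["hash"] if chain else GENESIS,
    }
    chain.append(dict(body, hash=_digest(body)))
    return chain[-1]

def verify_chain(chain):
    """Return the index of the first record that fails verification, else None."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["seq"] != i or rec["prev_hash"] != prev or _digest(body) != rec["hash"]:
            return i
        prev = rec["hash"]
    return None

def evidence_for(chain, control):
    """Sequence numbers of the records that support one obligation."""
    return [rec["seq"] for rec in chain if control in rec["controls"]]

def build_sample():
    # Constructed sample evidence, not data from ASL Roma 1.
    chain = []
    append_record(chain, "vulnerability", "critical finding on imaging workstation", "2025-10-01T08:00:00Z")
    append_record(chain, "incident", "malware alert on clinical subnet", "2025-10-02T14:30:00Z")
    append_record(chain, "audit", "DPIA review completed", "2025-10-03T09:15:00Z")
    return chain
```

A chain like this only detects edits if the latest hash is also stored or signed somewhere the registry's operator cannot rewrite; otherwise the whole chain can be recomputed after a change.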

3. Operational Excellence Through Intelligent Resource Management

HOPE extends its cognitive capabilities beyond security to embrace operational excellence in healthcare asset management. The platform provides unprecedented visibility into medical device utilization, correlating equipment usage patterns with service demand, waiting lists, and operational costs.

By analyzing real-time indicators across the medical device ecosystem, HOPE enables evidence-based resource optimization: identifying underutilized equipment, matching device availability to procedure types, and revealing cost inefficiencies in equipment deployment. This intelligence layer transforms asset management from reactive allocation to predictive resource orchestration, where clinical demand forecasting meets equipment lifecycle analytics.

The result is a measurable reduction in waiting times and in mean time to respond/repair (MTTR) across both cybersecurity and clinical-technical processes. By automating detection and response workflows, HOPE reduces operational bottlenecks, improving system availability and service continuity across healthcare environments. It also provides an improved return on medical equipment investment and data-driven procurement decisions aligned with actual clinical needs rather than historical estimates.

4. A Human-Centered, Cognitive Infrastructure

HOPE redefines how people interact with technology.

It orchestrates human and machine intelligence, giving CISOs, DPOs, and clinical directors a common semantic layer that connects patient safety, data integrity, and operational resilience. Every indicator—a delayed ticket, a device anomaly, a vulnerability score—can trigger context-aware governance responses, supported by shared evidence and transparent reasoning.

Rather than replacing human judgment, HOPE amplifies perception, turning dashboards into instruments of understanding rather than control. This represents the emergence of a neuro-digital healthcare infrastructure, one that learns, adapts, and heals itself.

With HOPE, ASL Roma 1 establishes a new benchmark for healthcare intelligence, where data becomes conscience and security becomes care. HOPE is not merely the evolution of HyperSOC; it is the advent of a living governance system—a symbiosis of cybersecurity, ethics, and artificial intelligence designed to safeguard both information and life itself.

Stefano Scaramuzzino
Technical Manager, Cybersecurity ASL Roma 1

Stefano Scaramuzzino is the cybersecurity team leader and network and information systems manager for ASL Roma 1, Italy's largest local health authority.

Fabio Battelli
Partner, Cyber Risk Services

A partner at Deloitte Italy Cyber Risk Services, Battelli has 25 years of consulting experience with a specific focus on ICT/cybersecurity, where he is a well-recognized trusted advisor and subject matter expert in critical infrastructure protection (CIP).
