Medical assessment and design solutions for cybersecurity of connected medical devicesSecure Society Health & Wellbeing
The European health care system is moving toward personalised, distributed, and home-based services. This is made possible via new and improved connected medical devices (MDs) and in vitro diagnostic devices connected to the internet (together, CMDs), and will benefit health care providers in terms of reduced cost (fewer hospital beds) and improved service. Patients will see improved quality of life in terms of reduced travel time and reduced stress via treatment at home or where they want it. However, for these benefits to be fully realised, the cybersecurity of CMDs needs to be ensured.
NEMECYS will benefit practitioners such as cybersecurity communities, MD manufacturers, CMD scenario system integrators and CMD scenario operators (e.g. health care providers), with downstream benefits to patients and the wider public, through more cost-effective and efficient care enabled via effective and streamlined cybersecurity.
NEMECYS helps practitioners to (i) comply with MD regulations; (ii) to be able to apply proportionate MD cybersecurity (too little security risks exposure, too much is costly and can obstruct clinical care) and (iii) build in cybersecurity by design for both MDs and the connected scenarios they operate in. This is achieved by (i) providing recommendations for best practice and guidelines for MD cybersecurity by design, along with compliance assurance tooling; (ii) providing a risk-benefit scheme to address cybersecurity risk balanced with clinical benefit; and (iii) providing a set of specific tools to address MD cybersecurity by design and their deployment in connected scenarios.
The NEMECYS team has cybersecurity risk experts, two hospitals who are already implementing IoT and remote care-based scenarios, three medical device manufacturers, major computer science research players and experienced systems integrators. This team is ideally placed to ensure that NEMECYS can enable practitioners to apply the right security at the right place.
NEMECYS will address cybersecurity of connected medical devices (CMDs) via three integrated approaches.
IT Innovation's contribution is extensions to our risk modelling tool that enables cybersecurity risks to be assessed, to find the most appropriate security to mitigate the risks – enough security, but not too much, so that the security does not compromise the clinical benefits offered by the devices.