EMPOWERING SECURITY IN EUROPE’S DIGITAL HEALTHCARE SYSTEMS

ABOUT CYMEDSEC

CYMEDSEC strives to bolster industry growth, enhance patient safety, and facilitate accessible regulatory processes for enterprises within the EU connected medical devices and in vitro diagnostics industry.

THE INTERNET OF MEDICAL THINGS (IOMT)

Revolutionizing Patient Care in the Digital Era

Across many EU countries, various aspects of patient care have already been influenced by digital transformation, a trend expected to continue with advancements that were previously unimaginable for patients accustomed to non-digitized care.

IoMT, short for the Internet of Medical Things, encompasses a connected ecosystem of medical devices, software applications, and health services, enabling the collection, analysis, and transmission of health data. IoMT devices, ranging from wearable health monitors to sophisticated diagnostic machines, will deeply transform our healthcare experience and well-being, as they will:

  • EMPOWER REAL-TIME REMOTE PATIENT MONITORING;
  • ENHANCE DIAGNOSTIC ACCURACY;
  • PERSONALIZE TREATMENT PLANS;
  • PROMOTE PATIENT ENGAGEMENT IN THEIR HEALTHCARE JOURNEY.

Leveraging its connectivity, IoMT enhances the efficiency, accuracy, and accessibility of healthcare and delivers substantial benefits to patients, healthcare providers, and medical researchers. Despite the immense potential of digital healthcare, concerns for cybersecurity, data protection, and privacy remain paramount. With these challenges in mind, CYMEDSEC addresses IoMT cybersecurity comprehensively, focusing on securing connected medical devices and in vitro diagnostics.

THE PROBLEM

Common threats to cybersecurity of IoMT 

Robust cybersecurity measures are essential to safeguard the integrity of IoMT devices and protect sensitive health data from evolving cyber threats.

Due to their interconnected nature and integration into the broader healthcare ecosystem, IoMT devices face an array of cybersecurity challenges. These challenges stem from their susceptibility to various threats, including data breaches, device tampering, man-in-the-middle attacks, and denial of service (DoS) attacks. Each of these threats poses significant risks to the security and integrity of IoMT systems and the sensitive health data they handle.

Real story

In 2020, a cyberattack paralyzed a University Hospital in Germany, forcing emergency patients to seek care elsewhere. Tragically, one patient who had to reach another hospital died, underscoring the grim reality of cyberattacks on healthcare.

Moreover, this interconnectedness of IoMT devices makes them potential entry points for more severe cyber threats, such as ransomware attacks. These attacks can infiltrate and compromise the entire network of interconnected medical devices and systems, leading to widespread disruptions in healthcare services and potential harm to patients. Consequently, the cybersecurity risks associated with IoMT devices are multifaceted and far-reaching, necessitating robust measures to mitigate these risks and ensure the resilience of healthcare infrastructure against evolving cyber threats.

CYBERSECURITY BY DESIGN

Making connected medical devices more secure from their inception

Cybersecurity-by-design is about building security measures into medical devices and systems right from the start. This approach aims to make sure that connected healthcare technologies, like those in the IoMT, are safe and secure.

Cybersecurity-by-design is a strategic approach to building secure medical devices and systems by integrating security measures into their design and development process from the very beginning. This proactive method is essential in ensuring that connected healthcare technologies, particularly those within the IoMT, are robust and resilient against cyber threats. By incorporating advanced security technologies and adhering to ethical and legal principles, cybersecurity-by-design aims to create a solid foundation for these devices and systems, bolstering their protection against potential vulnerabilities and attacks.

The goal of this design principle is to enhance the overall cybersecurity posture of IoMT devices and systems, thereby instilling trust and confidence among patients, healthcare providers, and stakeholders.

THE BENEFIT-RISK TOOLBOX

Strategic Solutions for tomorrow’s health innovations 

An online checklist tool based on cataloged cybersecurity issues will be developed and shared with the community. Additionally, structured data outputs for cybersecurity risk assessment will be generated for manufacturers, along with open-source online assistance tools tailored to different risk classes of medical devices and in vitro diagnostics (IVDs).

Manufacturers’ requirements to conduct benefit-risk analyses are delineated in both the Medical Device Coordination Group (MDCG) Guidance 2019-16 and the Medical Device Regulation (MDR) Annex I.

MDCG

The Medical Device Coordination Group (MDCG) is a European Union organization responsible for providing guidance and recommendations on the implementation of medical device regulations within the European Union.

MDR 

The European Union Medical Device Regulation is a comprehensive regulatory framework governing medical devices within the European Union.

These regulatory frameworks go beyond individual security risks, mandating a comprehensive evaluation based on a device’s intended use and its potential impact on safety and performance, integrating cybersecurity aspects through safety risk assessments. Manufacturers are tasked with establishing and documenting risk acceptance criteria, offering vital guidance for implementing tailored measures to address cybersecurity risks, with CYMEDSEC playing a pivotal role in advancing these efforts.

Identified risks and gaps will be cross-referenced with insights from systematic literature reviews, with novel risks identified and potential mitigation strategies proposed. An easy-to-use online checklist tool, based on a catalog of cybersecurity issues, will be developed and made accessible to the community through the CYMEDSEC Digital Library. Moreover, structured data outputs for cybersecurity risk assessment will be generated, serving as a foundational resource for manufacturers, adaptable to their diverse use cases. A suite of risk-benefit analysis methodologies and accompanying open-source online assistance tools will be developed to cater to different risk classes of medical devices (MDs) and in vitro diagnostics (IVDs).

623 ransomware incidents from May 2021 to June 2022 (source: ENISA)

Healthcare is the fifth most targeted sector of those attacks

CASE STUDIES

The research on the ground

CYMEDSEC case studies will explore IoMT device impact on patients and simulate cybersecurity attacks in real-world digital laboratories.

The project will conduct case studies to assess the relevance of existing guidance and recommend tailored improvements for connected medical devices of different risk classes. The focus of CYMEDSEC will be on networks of IoMT devices and in vitro diagnostics, including those utilized in clinics, for remote patient monitoring (RPM), and for wellness purposes.

Some of these case studies will explore the impact and usability of secured IoMT devices on patients and healthcare professionals in actual care settings. Others will simulate the behavior of such devices under cybersecurity attacks, utilizing real-world IoMT digital laboratories and innovative approval, implementation, and evaluation processes.

318,000: estimated number of mobile health apps on the market (2018), with over 4 billion downloads

280 billion: predicted value of the mobile health market in 2027

The digital laboratories, hosted by experienced healthcare providers, will employ IoMT interoperability and management capabilities to secure global connectivity for patients. CSS in Italy will focus on remote patient monitoring for healthcare, while HESE in Portugal will utilize IoMT network systems for remote patient monitoring in conjunction with medical devices and in vitro diagnostic devices from various manufacturers, incorporating non-medical devices like activity bands and smart home sensors to track wellbeing and activity levels.

THE CONSORTIUM

A multidisciplinary team

CYMEDSEC relies on a diverse range of expertise across different areas to effectively address the complexities of medical device (MD) and in vitro diagnostics (IVD) cybersecurity. The partners within the CYMEDSEC consortium have been meticulously selected to ensure complementary skills and aligned perspectives, facilitating a holistic approach to cybersecurity in healthcare.
