Cyber securitY tooLbox for COnnected MEdical Devices

Cybersecurity risk assessment and tools for connected medical devices

Digitalisation in the health sector means medical devices connected to IT networks combined with innovative technologies (AI, cloud computing, blockchain, and 5G networks), resulting in cost-effective and efficient personalised care. However, cyberattacks are increasing. The EU-funded CYLCOMED project envisages strengthening the cybersecurity of connected, in vitro diagnostic, and software as medical devices, maintaining their performance and safety for patients and preserving or increasing exchanged private data confidentiality, integrity and availability. CYLCOMED will combine technologically sovereign and trustworthy cybersecurity methodologies and toolboxes to deliver a risk assessment framework with risk-benefit analysis schemes and address cybersecurity risks and gaps. The project will provide healthcare staff with tailored training and awareness measures.

Objective

Accelerated digitalisation in health sector brings opportunities for cost-effective and efficient delivery of personalised care, through medical devices (including software) connected to IT networks and increasingly combined with novel technologies (AI, cloud computing, blockchain or 5G networks) and simultaneously Europe is witnessing an increase in the complexity and sophistication of attacks threatening such critical infrastructure. CYLCOMED addresses the overall ambitious goal of strengthening the cybersecurity of connected, in vitro diagnostic and software as medical devices (CMDs, IVDs, SaMD), maintaining their performance and safety for patients and preserving or enhancing the confidentiality, integrity and availability of private data they exchange or allow to be remotely accessed and focusing on humans operating the technology as the weakest link in the chain for security and privacy, with training and awareness measures tailored to healthcare staff needs. It does so by enabling adoption by all ecosystem stakeholders of technologically sovereign and trustworthy cybersecurity methodologies and toolboxes for connected medical devices and the environments in which they are managed and operate (platforms), complemented with fit-for-purpose guidance covering identifed risks and gaps. It will further deliver: (i) risk assessment framework with risk benefit analyses schemes and (ii) toolbox addressing cybersecurity risks and gaps in connected medical devices;(iii) assessment and extension of baseline standards, best practices and guidelines covering challenges for CMDs including SW, making them fit for purpose when used in conjunction with novel technologies; (iv) demonstrations and case studies in relevant on premise hospital scenarios (COVID-19 patients monitoring) and remote telemonitoring scenarios improving the life of paediatric patients. CYLCOMED has 9 partners from 7 EU Member States and 1 associate partner from Switzerland and a duration of 36 months.