MEDSECURANCE

Managing the risks of connected healthcare technologies

Technology has significantly improved healthcare – from the way patients access information to advancements in medical devices used for diagnosis and care. Wearable devices that continuously monitor and collect vital signs, including heart rate and blood oxygen levels, support smart medical diagnosis and monitoring, enabling new virtual care facilities and services. However, with the increasing numbers of connected devices come security risks. In this context, the EU-funded MEDSECURANCE project will develop new methodologies, infrastructures and technologies that enable the effective, harmonious development and evolution of a secure Internet of Medical Things. The project will design a scalable and verifiable security system-engineering solution co-developed and validated with medical industry partners and accompanied by proposed EU guidelines for increased assurance of connected health devices.

Objective

Advances in healthcare IT systems have resulted in complex socio-technical architectures, which deliver integrated and patient-centered services. All these transformations, in addition to clinical benefits, they also introduce risks including security risks that need to be understood and managed, reduced to acceptable levels. There are numerous reports of new types of security vulnerabilities for this kind of architectures, which challenge the effectiveness of the current security tools.

MEDSECURANCE will conceive novel methodologies, infrastructures, and technologies that enable an effective, harmonious and continuous development and evolution of secure system engineering management activities in Internet of Medical Things (IoMT). Our objective is to advance knowledge and basic understanding of decision making in diverse IoMT threat landscapes based on different system and component level interactions. This is accomplished via the development of a novel holistic strategy that considers the interdependence of several IoMT subsystems, information exchange, risk thresholds, and regulatory ramifications. We provide scalable and verifiable secure system engineering management solution(s) that capture, communicate, and act on these complexities in order to improve decision-making in cyber defence while automating cybersecurity assurance.

Our solution(s) will be co-developed and validated with our medical industry user partners, and complemented by engagement of healthcare industry stakeholders in support of the recommendations to existing guidelines that will also be developed in the project.