As the healthcare sector becomes more connected, the large volumes of data stored and maintained in healthcare organisations are increasingly exposed to cybersecurity risks that affect organisations and patients alike. Indeed, in a context of accelerated digital transformation of healthcare systems, cyberattacks of all types are on the rise worldwide, from ransomware (the largest global increase and greatest threat) to other forms of hacking: DDoS, hijacking, remote code execution, social engineering fraud scams or even insider threats that may result in large-scale data breaches and unavailability of critical health infrastructures.
CYLCOMED will deliver an evidence-based comprehensive methodological and technical cybersecurity framework designed for health solutions relying on CMDs.
- Aligned with the provisions of EU regulations on medical or in vitro diagnostic medical devices, including software
- Designed according to state-of-the-art cybersecurity standards, guidelines and best practices
- Covering fulfilment of cybersecurity requirements across the CMD lifecycle
CYLCOMED puts forward the vision of trustworthy, dependable and cost-effective health services and medical care delivered thanks to CMDs for near real-time and/or remote data sharing.
This vision can only be realised through strong security and safety foundations, both at the methodological level (with the adoption of risk-benefit analysis schemes to identify and address cybersecurity risks and gaps when using CMDs) and at the technological and operational levels (with cybersecurity tools and corresponding virtual testing playgrounds realised through digital twins). The ultimate goal is twofold: on the one hand, to improve the effectiveness and quality of personalised healthcare services (assisting professionals in patient-centric activities through data-driven semi-automated monitoring), and on the other hand, to reduce risks and non-compliance costs.
CYLCOMED will provide a methodological and technical cybersecurity framework designed for healthcare services that use CMDs. This framework is aligned with the MDR and IVDR regulations but strengthens adherence to requirements concerning safety, performance and IT security. In particular, CYLCOMED will:
- Identify gaps and introduce new safety and security requirements based on evidence, adapting such requirements to novel technologies (e.g. cloud computing, artificial intelligence);
- Identify security-related hazard categories and risk acceptance criteria according to the classification of medical devices;
- Promote a risk assessment framework built on risk-benefit analyses that respond to the identified requirements and gaps and consider the impacts of novel scenarios on risks (e.g. safety, performance and environmental differences of in-hospital with respect to remote monitoring of patients);
- Provide tools that help mitigate risks and increase the safety, security and performance of healthcare services relying on CMD/IVD/SaMD, taking into account the challenges involving legacy devices;
- Demonstrate the performance and applicability of the implemented tools in two dedicated pilots, with a real-world validation performed by relevant stakeholders;
- Deliver training for end users to increase cybersecurity awareness;
- Promote the CYLCOMED approach in the scientific community and to relevant stakeholders in the market.