Enhanced cybersecurity for networked medical devices through optimisation of guidelines, standards, risk management and security by design

HealthHORIZON-RIAID: 101094218
EC Contribution
€61,467
Consortium Size
12 orgs
Start Year
2023
Summary

For the EU health industry to be competitive and to sustainably deliver internationally leading care quality, it is important that EU regulation, guidelines and standards enable effective and interoperable digital health innovation and promote a vibrant entrepreneurial EU sector. Safety and competitiveness are not mutually exclusive. To deliver on them requires a pace and intensity of technological innovation that is matched by intensive regulatory innovation. Smarter, adaptive, dynamic, and evidence-based regulatory approaches are needed, based on real world experience in representative use scenarios. CYMEDSEC has been designed with an optimum consortium of regulatory, cybersecurity, technology, evaluation, and clinical EU experts to address exactly this challenge. It provides close feedback loops between new technological paradigms and recommendation of regulatory approaches, fostering regulatory science fresh thinking.It will deliver novel security-by-design solutions for the oversight of ‘Internet of Medical Things’ (IoMT) devices, including connected in vitro diagnostics. IoMT ‘fleet’ cybersecurity oversight systems will be developed. Use cases explored include remote patient monitoring and critical care scenarios, for which the project will develop novel and highly secure gateway middleware. Our technological and methodological advancement will go hand-in-hand with detailed review of regulations and guidelines, the formal creation of a new IoMT cybersecurity standard, and evidence collection from representative case studies. These objectives are holistically interlinked, with learnings form each work area feeding into development and proposals in other areas. Key to this is the in-project development of a cybersecurity benefit-risk toolbox, which will further develop the state of the art, using qualitative and quantitively approaches, and will make these available as easily usable and findable Open-Source resources for manufactures and regulatory bodies.

Consortium (12)

Project Results (30)

Source: CORDIS, the EU research results database.

Publications (17)
Attitudes of healthcare professionals and researchers toward wearable and app derived patient generated health data
npj Digital Medicine· 2025DOI
Stefanie Brückner; Olamide Sadare; Sabrina Fesl; Madlen Scheibe; Caroline Lang; Stephen Gilbert
CORE-MD clinical risk score for regulatory evaluation of artificial intelligence-based medical device software
npj Digital Medicine· 2025DOI
Rademakers, FE; Biasin, E; Bruining, N; Caiani, EG; Davies, RH; Gilbert, SH; Kamenjasevic, E; McGauran, G; O’Connor, G; Rouffet, J; Vasey, B; Fraser, AG
Multi-Stakeholder Policy Enforcement for Distributed Systems
Proceedings of the 10th International Workshop on Container Technologies and Container Clouds· 2025DOI
Robert Walther, Carsten Weinhold, Peter Amthor, Michael Roitzsch
RATLS: Integrating Transport Layer Security with Remote Attestation
Lecture Notes in Computer Science, Applied Cryptography and Network Security Workshops· 2025DOI
Robert Walther, Carsten Weinhold, Michael Roitzsch
A review of cybersecurity guidelines and standards for connected medical devices
· 2024DOI
Jahed, Fatemeh; Freyer, Oscar; Gilbert, Stephen
A transparent and standardized performance measurement platform is needed for on-prescription digital health apps to enable ongoing performance monitoring
PLOS Digital Health· 2024DOI
Cindy Welzel; Stefanie Brückner; Celia Brightwell; Matthew Fenech; Stephen Gilbert
Assessing LLMs in malicious code deobfuscation of real-world malware campaigns
Expert Systems with Applications· 2024DOI
Constantinos Patsakis, Fran Casino, Nikolaos Lykousas
Can we learn from an imagined ransomware attack on a hospital at home platform?
npj Digital Medicine· 2024DOI
Gilbert, Stephen; Ricciardi, Francesco; Mehrali, Tauseef; Patsakis, Constantinos
Consideration of Cybersecurity in the Benefit-Risk Analysis of Medical Devices: A Scoping Review and Recommendations
Crossref· 2024DOI
Oscar Freyer; Fatemeh Jahed; Max Ostermann; Christian Rosenzweig; Pascal Werner; Stephen Gilbert
Cybersecurity in the Hospital at Home: Assessment of Patient Risks when using IoMT devices
· 2024DOI
Ostermann, Max; Freyer, Oscar; Jahed, Fatemeh; Rosenzweig, Christian; Gilbert, Stephen
Cybersecurity Requirements for Medical Devices in the EU and US - A Comparison and Gap Analysis
· 2024DOI
Ostermann, Max; Gilbert, Stephen; Freyer, Oscar
Decoding developer password patterns: A comparative analysis of password extraction and selection practices
Computers & Security· 2024DOI
Nikolaos Lykousas, Constantinos Patsakis
Device Management in the Internet of Medical Things: A Systematic Review
Crossref· 2024DOI
Max Ostermann; Oscar Freyer; Fatemeh Jahed; Stephen Gilbert
Digital health technologies need regulation and reimbursement that enable flexible interactions and groupings
npj Digital Medicine· 2024DOI
Mathias, Rebecca; McCulloch, Peter; Chalkidou, Anastasia; Gilbert, Stephen
How can regulation and reimbursement better accommodate flexible suites of digital health technologies?
npj Digital Medicine· 2024DOI
Mathias, Rebecca; McCulloch, Peter; Chalkidou, Anastasia; Gilbert, Stephen
Journal of Medical Internet Research
Journal of Medical Internet Research· 2024DOI
Freyer, Oscar; Jahed, Fatemeh; Ostermann, Max; Rosenzweig, Christian; Werner, Pascal; Gilbert, Stephen
Methodologies for the benefit-risk analysis of medical devices: A systematic review
Crossref· 2024DOI
Oscar Freyer; Fatemeh Jahed; Max Ostermann; Mirko Feig; Stephen Gilbert
Deliverables (12)
Other Results (1)
Periodic Reporting for period 1 - CYMEDSEC (Enhanced cybersecurity for networked medical devices through optimisation of guidelines, standards, risk management and security by design)