The CYMEDSEC project will create new cybersecurity standards based on the “security-by-design” approach: funded by the EU and launched on November 3 in Berlin, it will gather evidence from real-world cases and establish a benefit/risk toolbox for industry and regulators. The project consortium brings together experts in regulatory, cybersecurity, technology, and clinical fields to develop secure solutions for Internet of Medical Things (IoMT) devices.
In recent years, the healthcare sector has emerged as a prime target for cyberattacks. Startling statistics from 2022 reveal that 35% of all cyberattacks were directed at the healthcare industry, a concerning trend that shows a continued increase. On average, the cost of a healthcare data breach is estimated at $7.13 million, the highest among all industries. The implications for patient privacy and healthcare providers' financial stability are profound, raising urgent concerns about the industry's cybersecurity readiness.
Cybersecurity is not just about safeguarding data: it's about guaranteeing confidentiality, integrity, and availability of medical digital services. In an era where the healthcare supply chain is vulnerable to cybercrime, the question is not if but when the next cyberattack will occur. Navigating the complex regulatory requirements can be a daunting challenge, but the need for a transition towards better processes for regulatory oversight and a security-by-design model has never been more crucial.
One of the most pressing concerns is the security of digital medical devices, with over 2 million different types currently in use, boasting an average age of 14 years. Experts believe that 75% of these devices are at risk of cybersecurity breaches.
Nonetheless, “IoMT devices are increasingly important in the delivery of healthcare,” states Stephen Gilbert, Professor at the TUD Dresden University of Technology (Germany) and coordinator of the project. “During the Covid pandemic, remote patient monitoring became crucial. The patients could leave hospital early and be monitored at their own homes. But this requires the remote devices to perform safely and to be protected from hacking or ransomware on a systematic level.”
Smarter, adaptive, and evidence-based regulatory approaches are imperative, drawing from real-world use scenarios.
Within CYMEDSEC, Barkhausen Institut will enhance its secure-by-default computer architecture and operating-system platform for medical-device use cases. The research will focus on the development of hardware and software building blocks for secure communication and software update processes that are needed for safe, secure, and maintainable IoMT systems. Barkhausen Institut also investigates methods for detecting malicious modifications made to hardware circuitry during manufacturing, thereby ensuring that no "trojan horses" can hide in medical devices.
The CYMEDSEC consortium is composed of the TUD Dresden University of Technology (Germany) together with the Vrije University of Bruxelles (Belgium), Barkhausen Institute (Germany), Athena Research Centre (Greece), Casa Sollievo della Sofferenza Foundation (Italy), Secunet (Germany), Particle Summary (Portugal), Espirito Santo Hospital of Evora (Portugal), ICONS Foundation (Italy), Umana Medical Technologies (Malta), Austrian Standards International (Austria) and Medisante Group (Switzerland).