The beneficiaries of the NEMECYS project results are first and foremost in the healthcare industry, in particular medical device manufacturers, suppliers and integrators, and health care providers and operators. Also targeted are advisory bodies (notably the MDCG) and regulators, and patients and society as a whole. Additional target groups are the scientific community and cybersecurity experts.

There are 30k+ European medical technology companies, of which 95% are SMEs. They will get fit-for-purpose risk benefit analysis schemes and validated novel methodologies and toolboxes for ensuring cybersecurity of CMDs by design. These will be supported by clear and understandable guidelines from our contribution on how to deal with the potential and existing risks of connected medical devices, how to address these risks in alignment with the future regulatory and legal framework, and how to technically mitigate risks with our contributed tools and metrologies. Due our contribution MD manufacturers can put a much stronger focus on innovative connected solutions by reduced development efforts and risks. This will help them to put products faster on the European market. NEMECYS provides low-cost, automated solutions for MD cybersecurity, thus democratising access to this expertise for SME’s and Startups, and they will see reduced efforts and lower barriers to enter the medical device and solution industry as potential risks and mitigation efforts are more transparent for them.

There are 24k+ European hospitals delivering services under the auspices of numerous public and private bodies. They will have clearer guidance on the potential security impact of future CMDs which they plan to bring into their portfolio. By understanding the potential risks, healthcare providers can speed up sourcing and tender processes to get new solutions faster as decision processes are simplified by our risk benefit metrologies. Thus, CMDs will be far more accepted and used within health care settings, and will enable new and innovative care scenarios. This will help healthcare providers to address the shortages in the areas of skilled workers because these solutions will help to increase their productivity. The expected impact is mostly social from increased ability to provide better patient care and economic in that cybersecurity is efficiently applied.

All citizens will benefit from the higher availability of CMDs in healthcare settings, As the necessary security of these solutions is supported by our contribution, patients will have faster and lower risk access to them. Patient data used in CMDs will be better secured and protected from cyber threats. Quality of life will improve as challenging trips to hospitals can be minimized due to the availability of remote solutions in a home care environment. Several studies support the fact that patients benefit from healthcare at home. CMDs in some settings allow a much more detailed analysis of healthcare data, which enables higher-quality treatments, helps the reduction of side effects, and treatments are more timely and more cost-effective.

The results of NEMECYS will support these stakeholders due to a much faster and easier process of understanding existing or potential cyber risks of connected medical devices, especially in the context of novel technologies. Advisory bodies will produce more timely outputs, future legislation will be improved, and regulators will be able to accelerate approval processes due faster and easier understanding of the cyber risks of connected medical devices.

The outcomes of this project will contribute to the future availability and acceptability of connected medical devices. This will help to secure connected medical devices against Cyber threats and protect the availability of modern health care solutions as a whole; plus support of the broader establishment of connected solutions in healthcare settings which improves the future productivity of the healthcare sector as a whole.

Research and scientific communities will benefit from the knowledge generated by the NEMECYS project and will be able to build on or to exploit the results.

The tools and risk benefit analysis schemes resulting from the NEMECYS project will provide security experts with valuable knowledge on potential cyber risks in connected medical devices and how to address them.

What does NEMECYS aim for?

The main objectives of the NEMECYS project are:

  • Review relevant MD guidelines, with the objective of providing recommendations for improvement. In consultation with domain experts, four case studies will be used to identify gaps, recommendations to address the gaps, and identify best practice for the domain of Connected Medical Devices.
  • Investigate proportionate risk-benefit schemes extending existing state-of-the-art background, and provide cybersecurity risk assessment tools to accommodate connected medical device situations.
  • Deliver tools and toolboxes targeted at three user types that reflect the lifecycle of Connected Medical Devices (CMDs):
  • At design time supporting CMD Manufacturers,
  • during integration into connected multi-stakeholder scenarios supporting CMD System Integrators and
  • in the operation of these scenarios supporting Operators such as hospitals or care providers.

What to expect from NEMECYS?

The technological outcome of the NEMECYS project will be tool-supported methods facilitating semi-automatic CMD compliance, risk/benefit analysis, data privacy of software using AI/ML technology when it is used as a medical device, secure integration of CMDs in connected scenarios, CMD management and vulnerability detection. The NEMECYS tools and methods will be driven and validated by four case studies in relevant connected medical device scenarios.