NEMECYS will support practitioners such as device manufacturers, connected device system integrators, health care providers and cybersecurity communities who together deliver benefits to patients and the wider public, through advances in the cyber security of connected devices.
NEMECYS helps practitioners to
- comply with Medical Device (MD) regulations;
- to be able to apply proportionate MD cybersecurity (too little security risks exposure, too much is costly and can obstruct clinical care) and
- build in cybersecurity by design for both MDs and the connected scenarios they operate in.
This is achieved by
- providing recommendations for best practice and guidelines for MD cybersecurity by design, along with compliance assurance tooling;
- providing a risk-benefit scheme to address cybersecurity risk balanced with clinical benefit; and
- providing a set of specific tools to address MD cybersecurity by design and their deployment in connected scenarios.
The main objectives of the NEMECYS project are:
- review relevant Medical Device (MD) guidelines, under the scope of providing recommendations for improvement. In consultation with domain experts, four case studies will be used to identify gaps, recommendations to address the gaps, and identify best practice for the domain of Connected Medical Devices.
- investigate proportionate risk-benefit schemes extending existing state-of-the-art background, and provide cybersecurity risk assessment tools to accommodate connected medical device situations.
- deliver tools and toolboxes targeted at three user types that reflect the lifecycle of Connected Medical Devices (CMDs):
- at design time, supporting CMD Manufacturers,
- during integration into connected multi-stakeholder scenarios, supporting CMD System Integrators and
- in the operation of these scenarios, supporting Operators such as hospitals or care providers.
The technological outcome of the NEMECYS project will be tool-supported methods, facilitating
- semi-automatic Connected Medical Device (CMD) compliance,
- risk/benefit analysis,
- data privacy of software using AI/ML technology (when used as a medical device),
- secure integration of CMDs in connected scenarios,
- CMD management and vulnerability detection.
The NEMECYS tools and methods will be driven and validated by four case studies in relevant connected medical device scenarios.