NEMECYS Use Case 3
Debiotech provides medical device development services, with strong competencies in mobile applications, either in Software as a Medical Device (SaMD) scenarios, or as a part of a larger system. Debiotech can offer the solution to a growing number of customers who need cybersecurity in their mobile software applications.
This case study is built around the development and use of a Class IIb mobile phone application capable of connecting to other medical devices and to a remote server.
A mobile application intended for therapy support or diagnosis is an active medical device according to the classification rules of the MDR. Mobile phones are an uncontrolled environment: the patient can install whatever applications they wish, which makes it harder to ensure the safe operation of a phone application.
The main challenge is to maintain the patient’s freedom to use their phone while providing a high level of security for the medical application. The overall level of cybersecurity in a clinical setting depends not only on the level of security implemented on the device itself; a holistic approach is also needed to address the entire environment.
Therefore, the implementation of the server part of the solution will need to consider factors such as the healthcare provider’s infrastructure, its organization, and operational factors.