NEMECYS delivers practical solutions for cybersecurity by design in Connected Medical Devices

After three years of collaborative research and development, the NEMECYS project has successfully concluded, delivering concrete tools, methodologies and validated use cases to support cybersecurity by design for connected medical and diagnostic devices. The project addressed critical gaps between regulatory guidance and real-world implementation, offering practical solutions that can be applied across the lifecycle of connected medical devices.
As medical and diagnostic devices increasingly rely on connectivity, software and data exchange, cybersecurity risks have become a central concern with direct implications for patient safety, clinical reliability and trust in digital health technologies. NEMECYS responded to this challenge by developing integrated approaches that support manufacturers, system integrators and healthcare providers in identifying, assessing and managing cybersecurity risks in a proportionate and structured manner.

A core element of the project was the development and validation of its results through real-world use cases covering a range of connected medical technologies, including wearable monitoring devices, mobile diagnostic and therapy applications, biosensing systems and in vitro diagnostic devices. These use cases ensured that the tools and procedures developed were grounded in realistic operational settings and applicable across different device types, software components and risk profiles.

Building on these use cases, NEMECYS produced a set of technical and methodological solutions that support cybersecurity risk-benefit analysis, regulatory compliance considerations and the secure integration of connected medical devices into complex healthcare environments. Particular attention was given to software-driven and data-intensive devices, including those incorporating AI or machine learning components, as well as to the needs of small and medium-sized manufacturers facing increasing regulatory and technical complexity.

In parallel, the project contributed evidence-based insights to regulatory and policy discussions at European level. In line with the objectives of its funding call, NEMECYS engaged with the Medical Device Coordination Group and the MDCG Working Group on New Technologies (responsible for the MDCG 2019-16 guidance document), sharing practical observations derived from implementation experience and case study analysis. This work supported ongoing reflection on the applicability and evolution of cybersecurity guidance for connected medical devices.

By the end of the project, NEMECYS has strengthened the capacity of industry and healthcare stakeholders to address cybersecurity challenges without hindering innovation, while also providing regulators and policymakers with empirically grounded input. The project leaves behind a solid foundation of tools, knowledge and validated practices that can continue to support safer, more secure and trustworthy connected medical devices in Europe.
