The CYMEDSEC Horizon Europe project will create new cybersecurity standards based on the “security-by-design” approach: funded by the EU and launched last week in Berlin, it will gather evidence from real-world cases and establish a benefit/risk toolbox for industry and regulators. The project consortium brings together experts in regulatory, cybersecurity, technology, and clinical fields to develop secure solutions for Internet of Medical Things (IoMT) devices within a four-year project period.
In recent years, the healthcare sector has emerged as a prime target for cyberattacks. Startling statistics from 2022 reveal that 35% of all cyberattacks were directed at the healthcare industry, a concerning trend that shows a continued increase. On average, the cost of a healthcare data breach is estimated at $7.13 million, the highest among all industries. The implications for patient privacy and healthcare providers’ financial stability are profound, raising urgent concerns about the industry’s cybersecurity readiness.
Cybersecurity is not just about safeguarding data: it’s about guaranteeing confidentiality, integrity, and availability of medical digital services. In an era where the healthcare supply chain is vulnerable to cybercrime, the question is not if but when the next cyberattack will occur. Navigating the complex regulatory requirements can be a daunting challenge, but the need for a transition towards better processes for regulatory oversight and a security-by-design model has never been more crucial.
One of the most pressing concerns is the security of digital medical devices, with over 2 million different types currently in use, boasting an average age of 14 years. Experts believe that 75% of these devices are at risk of cybersecurity breaches.
Nonetheless, IoMT devices are increasingly important in the delivery of healthcare. “During the Covid pandemic, remote patient monitoring became crucial. The patients could leave hospital early and be monitored at their own homes. But this requires the remote devices to perform safely and to be protected from hacking or ransomware on a systematic level. Smarter, adaptive, and evidence-based regulatory approaches are imperative, drawing from real-world use scenarios,” states Stephen Gilbert, Professor of Medical Device Regulatory Science at the TUD Dresden University of Technology and coordinator of the project.
The CYMEDSEC consortium is composed of the TUD Dresden University of Technology together with the Vrije University of Bruxelles (Belgium), Barkhausen Institute (Germany), Athena Research Centre (Greece), Casa Sollievo della Sofferenza Foundation (Italy), Secunet (Germany), Particle Summary (Portugal), Espirito Santo Hospital of Evora (Portugal), ICONS Foundation (Italy), Umana Medical Technologies (Malta), Austrian Standards International (Austria) and Medisanté (Switzerland).