Periodic Reporting for period 1 - MEDSECURANCE (Advanced Security-for-safety Assurance for Medical Device IoT)
Reporting period: 2023-01-01 to 2024-06-30
The health industry is a key driver for growth in the EU and has the capacity to provide technologies that benefit both patients and providers of healthcare services. The value chains involve a broad variety of actors from supply, demand and regulatory constituencies. In addition, the pathways for innovation in healthcare technologies are often long and complex. The development of novel healthcare technologies often encounters market barriers due to highly demanding quality and security requirements (e.g. clinical performance, safety, data privacy and cybersecurity) and market specificities (e.g. strong regulation, pricing and reimbursement issues). In addition, the growing concern for environmental issues is putting increased pressure on the healthcare industry. These combined challenges create a pressing need for research and innovation integrating various EU stakeholders to achieve innovative digital health technologies.
Escalating Threats
Innovations in medical device software development practices and tools provide the most promising solutions to address the complexity of increasingly connected medical devices and the escalating threat environment in which they operate. However, substantial technological challenges remain in achieving interoperability, dependability and trustworthiness at scale within the diverse commercial EU medical device market.
Solution
The MedSecurance project will develop novel methodologies, infrastructures, and technologies that enable an effective, harmonious and continuous development and evolution of secure Internet of Medical Things (IoMT). The project advances knowledge and understanding for decision-making in diverse IoMT security threat landscapes based on different system and component level interactions and interdependencies, and will provide scalable and verifiable secure system engineering management solutions that capture, communicate, and act on these complexities in order to improve cyberdefence while automating cybersecurity assurance.
The technical requirements and the design of the automated Security Analysis and Assurance Toolbox have been specified using an architectural methodology in which the toolbox and project technologies are described from different viewpoints. Research and development was carried out in collaboration with industrial Use Case partners for alignment with target IoMT development infrastructures, culminating in the delivery of the early prototypes of the IoMT tools for security modelling and secure communications; security level contracts within medical devices and systems; threat, vulnerability and risk analysis; and automated assurance in preparation for regulatory certification, all of which are supported by a newly created ontology of relevant medical devices, threats, vulnerabilities, and mitigations. The early prototype tools will undergo initial evaluations by the industrial Use Case partners in the opening months of the second half of the project.
• Systematic review, concept, and gap analysis of security approaches for the Internet of Medical Things (IoMT)
• Development of harmonised tools and methods for the unification of automated security and safety assurance for certification of IoMT
• Development of a Security Assurance Automation Toolbox that accelerates and lowers IoMT certification costs
• Verification and Validation of the methods and tools by industry
• Updated regulatory recommendations, industry access and engagement of stakeholders
MedSecurance will develop an Assurance Toolkit with a number of innovative tools for healthcare architectures that will allow security to become an integral part of the development of European digital health services.
Expected Impact
The European medical technology market was estimated to be roughly €140 billion in 2020, with Europe representing 27% of the worldwide market, and is forecast to grow at a CAGR of 7.5% through 2026. The three major medical device user categories are Hospitals, Clinics and Home Care Settings -- each of which is represented by the three Use Cases included in the MedSecurance project.
The project will propose extensions to European healthcare regulations that will embrace advances in security and assurance technologies to better address the evolving risks posed by IoMT.
MedSecurance will deliver to Europe’s healthcare industry substantial benefits in the following areas:
• New measures to identify and address cybersecurity risks and gaps
• Risk benefit analysis and decision making capabilities for IoMT cybersecurity
• New methodologies and an assurance toolbox for ensuring IoMT cybersecurity
• New guidance covering challenges posed by connected medical devices
• Maintaining the performance of connected medical devices while enhancing safety, security, data confidentiality, integrity and availability
MedSecurance will lower the development costs and deliver greater assurance of the security, safety, and dependability of connected medical devices for a wide range of healthcare applications.