CYMEDSEC

ABSTRACT:

For the EU health industry to be competitive and to sustainably deliver internationally leading care quality, it is important that EU regulation, guidelines and standards enable effective and interoperable digital health innovation and promote a vibrant entrepreneurial EU sector. Safety and competitiveness are not mutually exclusive. To deliver on them requires a pace and intensity of technological innovation that is matched by intensive regulatory innovation. Smarter, adaptive, dynamic, and evidence-based regulatory approaches are needed, based on real world experience in representative use scenarios. CYMEDSEC has been designed with an optimum consortium of regulatory, cybersecurity, technology, evaluation, and clinical EU experts to address exactly this challenge. It provides close feedback loops between new technological paradigms and recommendation of regulatory approaches, fostering regulatory science fresh thinking. It will deliver novel security-by-design solutions for the oversight of ‘Internet of Medical Things’ (IoMT) devices, including connected in vitro diagnostics. IoMT ‘fleet’ cybersecurity oversight systems will be developed. Use cases explored include remote patient monitoring and critical care scenarios, for which the project will develop novel and highly secure gateway middleware. Our technological and methodological advancement will go hand-in-hand with detailed review of regulations and guidelines, the formal creation of a new IoMT cybersecurity standard, and evidence collection from representative case studies. These objectives are holistically interlinked, with learnings form each work area feeding into development and proposals in other areas. Key to this is the in-project development of a cybersecurity benefit-risk toolbox, which will further develop the state of the art, using qualitative and quantitively approaches, and will make these available as easily usable and findable Open-Source resources for manufactures and regulatory bodies.

AIM (WHAT)

The overall ambition of CYMEDSEC is to ensure that EU regulation, guidelines and standards enable effective and interoperable digital health innovation and promote a vibrant entrepreneurial EU sector by stimulating innovation. The project will especially focus on the cybersecurity of the ‘Internet of Medical Things’ (IoMT) of connected medical devices and in-vitro medical devices, and of their associated hubs and network infrastructure. To achieve its ambition, the CYMEDSEC consortium has identified the following objectives: (i) analysis of guidelines and standards; (ii) benefit-risk analysis and related benefit-risk toolbox for cybersecurity of connected medical devices; and (iii) exploration, development, and validation of novel methodologies and toolboxes for ensuring cybersecurity of connected medical devices by design.

METHODOLOGY (HOW)

The consortium members will explore the implications of three regulatory innovation levels, namely: minimal innovation, intermediate innovation, and ‘blue skies thinking’ in regulatory approaches. This exploration will focus on the current IoMT reality of available connected medical devices and in-vitro medical devices, as well as on their five-year and ten-year future developments. The CYMEDSEC project will also rely on representative case studies to collect evidence in all its approaches. For instance, the project members will observe the impacts of cybersecurity regulation and of cybersecurity technologies on real device and system approvals. Moreover, CYMEDSEC will work in synergy with related medical devices and in-vitro medical devices risk assessment activities.

IMPACT (WHY)

CYMEDSEC will contribute to maintaining an innovative, sustainable and globally competitive health industry in the EU. Concretely, the project impacts will include: EU commercial gains through regulatory efficiency and speed to market; better care for EU patients; more efficient delivery of safe healthcare; enhanced investments; and greater uniformity of uptake and cross-cutting advantages when combined with other digitisation, data, and modernisation strategies.