CYLCOMED

The main objective of the project is to achieve accelerated digitization in the healthcare sector to provide opportunities for cost-effective and efficient delivery of personalized care services, through medical devices (including software) connected to IT networks and increasingly combined with new technologies (AI, cloud computing, blockchain or 5G networks).

Europe is witnessing an increase in the complexity and sophistication of attacks threatening critical infrastructures in the healthcare sector, which is why CYLCOMED aims to create a mechanism to strengthen cybersecurity in this field, ensuring security for patients and preserving or improving the confidentiality, integrity and availability of private data they exchange, or allow remote access to them. It also seeks to focus on the humans operating the technology, as they are considered the weakest link in the chain for security and privacy, with training and awareness-raising measures tailored to the needs of healthcare staff. To this end, it will enable all stakeholders in the ecosystem to adopt technologically sovereign and reliable cybersecurity methodologies and tools for connected medical devices and the environments in which they are managed and operated (platforms), complemented by appropriate guidance covering identified risks and gaps.

In a nutshell, CYLCOMED will provide: (i) risk assessment framework with risk-benefit analysis schemes and (ii) toolbox addressing cybersecurity risks and gaps in connected medical devices; (iii) assessment and extension of basic standards, best practices and guidelines covering challenges for CMDs, including SW, making them fit for purpose when used together with novel technologies; (iv) demonstrations and case studies in relevant facilities, hospital scenarios (COVID-19 patient monitoring) and remote telemonitoring scenarios improving the lives of pediatric patients.

CYLCOMED is involving three hospitals in pilots to validate the developed toolkit.

Our role

RD Spain is leading WP5 (Cybersecurity Toolbox Design and Implementation) and contributes to WP3 (CYLCOMED Requirements, Cybersecurity Baseline and Guidance Improvements) and also to WP4 (Risk Management for Connected Medical Devices) as well as to cross-cutting activities such as legal and ethical implications asessment, in addition to dissemination, exploitation and training.

RD Spain participation participation brings to CYLCOMED the joint expertise of its Cybersecurity and Blockchain, Identity and Privacy Units. It is a vital contributor to CYLCOMED as leader of the key technical work package that will carry out the design and implementation of the Cybersecurity Toolbox as a key project outcome that will allow stakeholders of the Connected Medical Devices ecosystem to avoid and prevent different cyber-risks especially as they become integrated with novel technological environments (like 5G, AI, cloud computing or blockchain).

The toolbox will help stakeholders achieve an adequate balance between safety and security controls considering needs of different scenarios (e.g., telemedicine, in transit telemonitoring and in-hospital use of devices). In particular, RD Spain will help integrate various specific tools covering AI-based behavioural analysis for Connected Medical Devices, integrated visualisation of information to compose an overall situational security picture, decentralised user authentication/access control and data protection for medical data based on novel encryption schemes.

The experience acquired during the project will allow to significantly mature these solutions by integrating them into the toolbox and testing them in the context of clinical studies envisaged in the project, paving the way for new business opportunities and potential partnerships for Atos in the domain of cybersecure healthcare provision, a strategic sector which is increasingly the target of cyber-threats and where there is a steeply growing demand for such solutions reinforced by the requirements and obligations of the Medical/In Vitro Devices Regulations.

Project website