CYMEDSEC project pioneers medical device cybersecurity in the era of Internet of Medical Things.

The CYMEDSEC project will create new cybersecurity standards based on the “security-by-design” approach: funded by the EU and launched last week in Berlin, it will gather evidence from real-world cases and establish a benefit/risk toolbox for industry and regulators. The project consortium brings together experts in regulatory, cybersecurity, technology, and clinical fields to develop secure solutions for Internet of Medical Things (IoMT) devices.

Interdependence of device
and network infrastructure design,
device, and network cybersecurity
technology and (cybersecurity)

In recent years, the healthcare sector emerges as a prime target for cyberattacks. Startling statistics from 2022 reveal that 35% of all cyberattacks were directed at the healthcare industry, a concerning trend that shows a continue increase. On average, the cost of a healthcare data breach is estimated at $7.13 million, the highest among all industries. The implications for patient privacy and healthcare providers’ financial stability are profound, raising urgent concerns about the industry’s cybersecurity readiness.

Cybersecurity is not just about safeguarding data: it’s about guaranteeing confidentiality, integrity, and availability of medical digital services. In an era where the healthcare supply chain is vulnerable to cybercrime, the question is not if but when the next cyberattack will occur. Navigating the complex regulatory requirements can be a daunting challenge, but the need for a transition towards better processes for regulatory oversight and a security-by-design model has never been more crucial.

One of the most pressing concerns is the security of digital medical devices, with over 2 million different types currently in use, boasting an average age of 14 years. Experts believe that 75% of these devices are at risk of cybersecurity breaches.

Nonetheless, “IoMT devices are increasingly important in the delivery of healthcare” states Stephen Gilbert, Professor at the TUD Dresden University of Technology (Germany) and coordinator of the project, “during the Covid pandemic, remote patient monitoring became crucial. The patients could leave hospital early and be monitored at their own homes. But this requires the remote devices to perform safely and to be protected from hacking or ransomware on a systematic level”.

Smarter, adaptive, and evidence-based regulatory approaches are imperative, drawing from real-world use scenarios.

The CYMEDSEC consortium is composed by the TUD Dresden University of Technology (Germany) together with the Vrije University of Bruxelles (Belgium), Barkhausen Institute (Germany), Athena Research Centre (Greece), Casa Sollievo della Sofferenza Foundation (Italy), Secunet (Germany), Particle Summary (Portugal); Espirito Santo Hospital of Evora (Portugal), ICONS Foundation (Italy), Umana Medical Technologies (Malta), Austrian Standards International (Austria) and Medisante Group (Switzerland).


The Évora Hospital (HESE), Portugal, will use IoMT network systems from partner PARTICLE, who will provide the PARTICLE Care gateway, PARTICLE Care App and PARTICLE Care Portal.
PARTICLE Care uses connected Medical Devices (MD) (like blood pressure, pulse oximeter, smart scales) and non-MD (like activity bands and smart home sensors) to track wellbeing and activity.

PARTICLE Care System, supporting patient’s remote hospitalisation and transportation.

The remote monitoring devices explored will be associated with third party MD manufacturers, and will be of different risk classes, and likely include the following: spirometers (for measuring the volume of air inspired and expired by the lungs), devices for measuring glucose level, blood pressure, pulse oxygenation, heart rate, weight and body composition, respiratory function, and body temperature.