Medical devices are becoming more advanced: most contain software and connect to the internet, hospital networks, mobile phones, or other devices to share information. For this reason, making sure medical devices are cyber secure is a priority.
Security issues in the healthcare sector start with fragmentation and a lack of privacy and cyber awareness. A programmatic approach to the identification, mitigation, and remediation of risk should be developed and implemented, and it is important to introduce security aspects related to cyber risk at the initial design phase.
To overcome the design limitations of medical devices or systems that poorly include security engineering aspects regarding cyber risks, PANACEA proposes a Security-by-Design Framework (SbDF). The main concept is to make systems as free of vulnerabilities and impervious to attacks as possible through different cyber security measures that should be integrated into the design process, so that the devices are secure from the foundations. The SbDF was conceived to support Medical Devices and Systems manufacturers throughout the whole development process, to perform risk assessment and at the same time to continuously monitor compliance with standards, through two technological solutions: the Secure Design Support Platform (SDSP) developed by RHEA and the Compliance Support Tool (CST) developed by RINA.
This video features both the SDSP (up to 04:40) and CST (from 04:45), which can be used together or as standalone solutions. Watch the new video here.
The PANACEA Secure Design Support Platform
PANACEA partner, RHEA, has used its experience from the space sector to develop a powerful new tool that lets users create more secure complex systems using security by design principles. The Secure Design Support Platform helps designers perform security risk assessment for complex systems during the various phases of the engineering lifecycle, automatically calculating the risk level of each IT asset. It also gives system architects a clear view of the security envelope, enabling a better tuning of security requirements and the proper management of cyber risks.
Underpinning this is a deep understanding of the challenges facing the healthcare sector with requirements and expertise gathered from PANACEA healthcare organisations.
The Secure Design Support Platform:
The Secure Design Support Platform simplifies the complexity of building or joining complex systems together, making it a more manageable task despite the many moving parts.
Above all, it creates confidence. No job is too big and the end results will always be secure.
PANACEA Compliance Support Tool
PANACEA healthcare stakeholders can benefit from the experience of RINA, a global corporation providing engineering and consultancy services, as well as certification, testing, and inspection across different industries. In PANACEA, RINA uses its capacities in cybersecurity advisory and certification in the health sector to provide valuable support to secure-by-design medical device manufacturers, hospitals and healthcare application providers through the Compliance Support Tool (CST), a powerful and flexible instrument to conduct conformity assessment and ease the path towards certification issuance.
The experience of RINA in certification and cybersecurity allows healthcare stakeholders to set the best configuration of standards and regulations from the security management and healthcare sectors, within a framework aligned with the most professional European reference on cybersecurity certification, ENISA (European Union Agency for Cybersecurity).
The Compliance Support Tool helps healthcare stakeholders (medical device manufacturers, healthcare application providers and hospitals) to ease the path to cybersecurity by increasing scheme applicability and assurance in the engineering process, and by filling the gap of information asymmetry between producers and consumers of software/medical devices that causes unclear assurance and vulnerability.