Nowadays, medical devices are becoming more advanced: most contain software and connect to the internet, hospital networks, mobile phones, or other devices to share information. For this reason, making sure medical devices are cyber secure is a priority.
Security issues in the healthcare sector start with fragmentation and a lack of privacy and cyber awareness. A programmatic approach to the identification, mitigation, and remediation of risk should be developed and implemented, and it is important to introduce security aspects related to cyber risk at the initial design phase.
In order to overcome the design limitations of medical devices or systems that poorly include security engineering aspects regarding cyber risks, PANACEA proposes a Security-by-Design Framework (SbDF). The main concept is to make systems as free of vulnerabilities and as impervious to attacks as possible through different cyber security measures that are integrated into the design process, so that the devices are designed secure from the foundations. The SbDF was conceived to support Medical Devices and Systems manufacturers throughout the whole development process, both to perform risk assessment and, at the same time, to continuously monitor compliance with standards, through two technological solutions: the Secure Design Support Platform (SDSP) developed by RHEA and the Compliance Support Tool (CST) developed by RINA.

This video features both the SDSP (up to 04:40) and the CST (from 04:45), which can be used together or as standalone solutions. Watch the new video here.

The PANACEA Secure Design Support Platform

PANACEA partner, RHEA, has used its experience from the space sector to develop a powerful new tool that lets users create more secure complex systems using security by design principles. The Secure Design Support Platform helps designers perform security risk assessment for complex systems during the various phases of the engineering lifecycle, automatically calculating the risk level of each IT asset. It also gives system architects a clear view of the security envelope, enabling a better tuning of security requirements and the proper management of cyber risks.

Underpinning this is a deep understanding of the challenges facing the healthcare sector with requirements and expertise gathered from PANACEA healthcare organisations. 

The Secure Design Support Platform:

  • Lets users click and drag to build the system or medical device they want, exposing all the capability needed while the background processing maximises ease of use.
  • Interacts with system and software requirements and design elements.
  • Easily assesses threats, vulnerabilities and risks, categorising them with colour identifiers from red to green.
  • Identifies the weak side of the system designers are developing by pinpointing major risks and providing the means to reduce them through tailored security controls.
  • Is well-protected: confidential information is guarded through role-based access, letting key players communicate securely while tracking and checking design histories.

The Secure Design Support Platform simplifies the complexity of building or joining complex systems together, making it a more manageable task despite the many moving parts. 

Above all, it creates confidence. No job is too big and the end results will always be secure. 

PANACEA Compliance Support Tool

PANACEA healthcare stakeholders can benefit from the experience of RINA, a global corporation providing engineering and consultancy services, as well as certification, testing, and inspection across different industries. In PANACEA, RINA uses its capacities in cybersecurity advisory and certification in the health sector to provide valuable support to secure-by-design medical device manufacturers, hospitals and healthcare application providers through the Compliance Support Tool (CST), a powerful and flexible instrument to conduct conformity assessment and ease the path towards certification.

  • Accommodates regulatory requirements so that they can be monitored by health device/system manufacturers, ensuring compliance tracing and evaluation against the desired standards in the healthcare sector that are relevant to cybersecurity.
  • Designed both for first-party (internal) auditing, to support self-awareness on the regulatory side during the development phase, and for third-party audits, where it supports the audit activities needed for certification.
  • Offers flexible configuration and management of the standards, which can be grouped to fit the needs of the user and linked to relevant processes or design phases. Ad hoc templates can be created for each medical device or system under assessment and easily associated with the standards articles most relevant to cybersecurity.

The experience of RINA in certification and cybersecurity allows healthcare stakeholders to set the best configuration of standards and regulations from the security management and healthcare sectors, within a framework aligned with the most authoritative European reference on cybersecurity certification, ENISA (European Union Agency for Cybersecurity).

The Compliance Support Tool helps healthcare stakeholders (medical device manufacturers, healthcare application providers and hospitals) to ease the path to cybersecurity by increasing scheme applicability and assurance in the engineering process, and by filling the gap of information asymmetry between producers and consumers of software and medical devices, which causes unclear assurance and vulnerability.