Skip to content

NEMECYS Logo

About

The cyber compass was developed and published by SINTEF as part of the NEMECYS project as a response to challenges first identified by the project use case partners. The challenges have further been confirmed and expanded after interactions with multiple stakeholders in Europe independent from the project through workshops and interviews.

The NEMECYS project target three stakeholder groups that reflects the lifecycle of connected medical devices:

  • Design time: CMD Manufacturers
  • Integration into connected multi-stakeholder scenarios: CMD System Integrators
  • In the operation of these scenarios: Operators (such as hospitals or care providers)

The challenges

Manufacturers of CMDs are working under pressure to get their products out on the market as quickly as possible. New medical devices can help patients with various sufferings and improve their quality of life. Thus, the sooner a medical device is available for patients, the sooner it can reduce their suffering, and improve the efficiency and reduce costs of the healthcare system. In order for CMDs to fulfil their purpose, we need to ensure that they are safe and secure to use. Also, as part of the approval process of new medical devices defined in the MDR and IVDR, it is required to provide a state of the art report for all new medical devices that incorporates software or software that are medical devices in themselves. The report should elaborate on the principles of the development life cycle and risk management including the information security, verification, and validation process. Security flaws in CMDs can be exploited to cause harm to the patient or cause a failure in the device, and it is therefore very important to implement security mechanisms to prevent such incidents. However, identifying all the relevant and necessary regulations, standards, guidelines, and best practices on cybersecurity for CMDs is a cumbersome process, which requires time and resources. Large companies and organizations often have their own dedicated personnel who have the responsibility to identify such documents, but for smaller companies, this may be a real challenge. Also, there is a lack of comprehensive guidance regarding security mechanisms and practices during the design phase of medical devices. These challenges are standing in the way of getting the products out on the market quickly.

Info

  • You can find more information about the NEMECYS project on the project website: https://nemecys.eu/