ENTRUST

Strengthening Cybersecurity in Medical Devices: Interview with Red Alert Labs




In the ENTRUST expert interviews, our dissemination leader, Future Needs, speaks with other project partners to discuss topics like connected medical devices, cybersecurity, and strategies to strengthen privacy across the entire medical ecosystem.

In this conversation, Egle Joneliunaite from Future Needs is joined by Roland Atoui from Red Alert Labs, the ENTRUST project’s standardisation partner.


Red Alert Labs is a leading IoT security lab and cybersecurity consulting agency dedicated to providing innovative, intelligent, and adaptable solutions for connected environments. As part of the ENTRUST project, Red Alert Labs is responsible for reviewing, conducting gap analyses, and classifying current standards, guidelines, and certification processes applicable to the cybersecurity of medical devices.




Key highlights of the interview:


  • We are increasingly surrounded by connected devices. Unfortunately, more than half of these devices remain vulnerable to common cyberattacks. This vulnerability contributes to a lack of trust, hindering the adoption of new technologies.


  • The EU’s Medical Device Regulation defines general requirements for securing medical devices. However, only limited guidance exists for manufacturers on implementing countermeasures during the manufacturing process. To address this, ENTRUST leveraged the diverse expertise within the consortium, which includes stakeholders from users to manufacturers, to develop a more effective approach to building trust in medical devices through technical, social, and legal means. This involves defining adaptable requirements to achieve better outcomes, and aligning with other European regulations and recognized standards.


  • ENTRUST’s mission is to enhance the security, reliability, and compliance of medical devices and systems through advanced certification and assurance services. This ensures that devices perform their intended functions securely and reliably, under both expected and unexpected conditions. In the medical domain, this requires ensuring that every component (software, hardware) adheres to specific security standards and requirements. The goal is to protect patient data confidentiality, maintain device integrity, and mitigate potential failures.


  • The purpose of certifying a product is to demonstrate that it meets a specific set of security requirements, whether claimed by the vendor or expected by the market. These requirements are thoroughly assessed against relevant standards or schemes to ensure compliance. Certification within ENTRUST is based not only on technical enhancements but also on other aspects, such as social credibility and transparency, which often involve a third party. These aspects are reinforced by regulations to ensure commitment.


  • Certification is a process involving three key stakeholders: a certification body, a laboratory, and a vendor, all working together to establish trust. The certification processes developed within the ENTRUST project are designed to help manufacturers demonstrate their compliance with EU medical regulations. The EU’s Medical Device Regulation was used as a reference to employ a top-down approach, comparing existing standards and industry guidelines to identify any gaps that the ENTRUST project aims to address.
