The new EU-funded ENTRUST project is here to ensure end-to-end trust management of medical devices by protecting them from cybersecurity attacks.
In 2020, the healthcare industry saw hackers taking advantage of COVID-19 fears. Some of the biggest healthcare data breaches of 2020 came from fraud schemes, phishing attacks, and vulnerabilities in healthcare vendor systems. For example, Health IT Security reports that more than 1 million patients were impacted when hackers breached a third-party system from Dental Care Alliance, with 10% of patients’ bank account numbers breached. Phishing, malware, ransomware, theft of patient data, insider threats, and hacked Internet of Things (IoT) devices — these are just a few concerns of healthcare cybersecurity professionals.*
While malicious attacks on the digital infrastructures and data of patients and healthcare institutes become more and more sophisticated, hospitals cannot keep up. Aligned with the guidelines of the Cybersecurity Act and the existing guidance on cybersecurity for medical devices, ENTRUST introduces a novel remote attestation mechanism to ensure a device's correct operation at runtime, regardless of its computational power. The mechanism is accompanied by dynamic trust assessment models capable of identifying the Required Level of Trustworthiness per device and function, which will then be verified through a new breed of efficient attestation mechanisms. The project will ensure end-to-end trust management of medical devices by protecting them from cybersecurity attacks.

Selected as one of the most innovative new approaches in cybersecurity by the European Commission, ENTRUST aims to strengthen the cybersecurity of medical devices by focusing on a Trust Management Architecture intended to holistically manage the lifecycle of connected medical devices, filling an important security gap for many hospitals.
ENTRUST has been up and running since January 2023, leveraging a series of breakthrough solutions including formally verified trust models, a risk assessment process, secure lifecycle procedures, security policies, technical recommendations, and the first-ever real-time Conformity Certificates to safeguard connected medical devices.
What's more, the project will be aligned with the existing standards on defining appropriate Protection Profiles per device (especially considering the heterogeneous types of medical devices provided by different vendors with different requirements), including Targets of Validation Properties to be attested during runtime.
*(Source: Maryville University online)