Home » R&I Project Hub » NEw MEdical CYbersecurity assessment and design Solutions

NEw MEdical CYbersecurity assessment and design Solutions


Joanne Ahern

01 January 2023

31 December 2025

EC funded project

Improving cybersecurity of network-connected medical devices

Personalised healthcare services are the future, supported by connected medical devices. These offer significant advantages, including reduced travel and stress for home-based patients, improved clinical decision support systems and automated adjustments of treatments. However, they also present significant challenges, with cybersecurity topping the list. While too little cybersecurity may lead to exposure of personal data or compromise of critical systems, too much is costly and can obstruct clinical care. In this context, the EU-funded NEMECYS project will improve connected medical device security by offering tools to key stakeholders: device manufacturers (supporting security by design), integrators deploying the devices in clinical scenarios and healthcare providers operating those scenarios. The tools will be validated in diverse case studies.


The European health care system is moving toward personalised, distributed, and home-based services. This is made possible via new and improved connected medical devices (MDs) and in vitro diagnostic devices connected to the internet (together, CMDs), and will benefit health care providers in terms of reduced cost (fewer hospital beds) and improved service. Patients will see improved quality of life in terms of reduced travel time and reduced stress via treatment at home or where they want it. However, for these benefits to be fully realised, the cybersecurity of CMDs needs to be ensured.

NEMECYS will benefit practitioners such as cybersecurity communities, MD manufacturers, CMD scenario system integrators and CMD scenario operators (e.g. health care providers), with downstream benefits to patients and the wider public, through more cost-effective and efficient care enabled via effective and streamlined cybersecurity.

NEMECYS helps practitioners to (1) comply with MD regulations; (2) to be able to apply proportionate MD cybersecurity (too little security risks exposure, too much is costly and can obstruct clinical care) and (3) build in cybersecurity by design for both MDs and the connected scenarios they operate in. This is achieved by (1) providing recommendations for best practice and guidelines for MD cybersecurity by design, along with compliance assurance tooling; (2) providing a risk-benefit scheme to address cybersecurity risk balanced with clinical benefit; and (3) providing a set of specific tools to address MD cybersecurity by design and their deployment in connected scenarios.

The NEMECYS team has cybersecurity risk experts, two hospitals who are already implementing IoT and remote care-based scenarios, three medical device manufacturers, major computer science research players and experienced systems integrators. This team is ideally placed to ensure that NEMECYS can enable practitioners to apply the right security at the right place, at low cost.