Enhancing Cybersecurity of connected Medical Devices

General information

Priority

Citizens’ secure access to and sharing of health data across borders, Better data to promote research, disease prevention and personalised health and care

Programme

Horizon Europe

Call

HORIZON-HLTH-2022-IND-13-01

Deadline model

one-stage

Submission date

21 April 2022

Budget

€ 6.000.000

Type of action

RIA

Description

This topic aims at supporting activities that are enabling or contributing to one or several expected impacts of destination 6 “Maintaining an innovative, sustainable and globally competitive health industry”. To that end, proposals under this topic should aim for delivering results that are directed, tailored towards and contributing to some of the following expected outcomes: Stakeholders (e.g. manufacturers, suppliers, health care providers, integrators, operators) apply measures to identify and address cybersecurity risks and gaps in connected medical devices. Stakeholders adopt and use newly developed risk benefit analysis schemes and capabilities for cybersecurity of connected medical devices. Stakeholders adopt and use newly developed methodologies and toolboxes for ensuring cybersecurity of connected medical devices by design. Stakeholders adopt and use fit for purpose guidance covering challenges posed by connected medical devices, including software. Scope: The proposals are expected to help strengthening cybersecurity maintaining the performance of medical devices while preserving or enhancing safety, security and data confidentiality, integrity and availability. The applicants should tackle the cybersecurity issue of connected medical devices and in vitro diagnostic medical devices, in particular those that are connected to the internet, allow remote access to data and exchange private or proprietary data. They should also consider the implications of Regulation (EU) 2017/745193 on medical devices and Regulation (EU) 2017/746194 on in vitro diagnostic medical devices regarding qualification and classification of software. In their proposals, applicants should consider to maximise synergies with relevant initiatives, activities and programmes. Proposals are expected to address some or all of the following: Systematic review of current standards/guidelines/best practices applied to cybersecurity of connected medical devices, with the final objective to identify and specify gaps and requirements based on evidence. Propose risk benefit analysis schemes for cybersecurity of connected medical devices, taking into account several novel technological developments (e.g. 5G networks, big data, artificial intelligence, cloud computing, augmented reality, blockchain) and interconnection architectures. Explore, develop and validate novel methodologies and toolboxes for ensuring cybersecurity of connected medical devices by design. Identify representative case studies, evaluate the applicability of existing guidance MDCG 2019-16 (guidance on cybersecurity for medical devices 195 ) and make recommendations to (better) address specificities of the connected medical device, including software, of different risk classes. Assessment of the applicability (and revision) of current guidance, the MDCG 2019-16 (guidance on cybersecurity for medical devices), to connected medical device, including software. All projects funded under this topic are strongly encouraged to participate in networking and joint activities, as appropriate. These networking and joint activities could, for example, involve the participation in joint workshops, the exchange of knowledge, the development and adoption of best practices, or joint communication activities. This could also involve networking and joint activities with projects funded under other clusters and pillars of Horizon Europe, or other EU programmes, as appropriate. Therefore, proposals are expected to include a budget for the attendance to regular joint meetings and may consider to cover the costs of any other potential joint activities without the prerequisite to detail concrete joint activities at this stage. The details of these joint activities will be defined during the grant agreement preparation phase. In this regard, the Commission may take on the role of facilitator for networking and exchanges, including with relevant stakeholders, if appropriate. In this topic the integration of the gender dimension (sex and gender analysis) in research and innovation content is not a mandatory requirement.