Modern medical organizations, such as hospitals and healthcare providers, are increasingly adopting network infrastructures comprising multiple heterogeneous medical devices with varying computational capabilities and originating from different manufacturers, which may be subject to various security and trustworthiness requirements.
In this regard, the core vision of ENTRUST entails the design and implementation of a holistic framework for the provision of runtime operational assurance of Connected Medical Devices (CMDs), as well as the network infrastructure of the organization as a whole. Thus, ENTRUST aims to deliver a solution that provides significant added value to organizations such as device manufacturers and healthcare providers and also pushes forward the state-of-the-art in various research domains related to cybersecurity in the medical device domain.
Towards the fulfilment of this goal, ENTRUST envisions the validation of this framework through four use case demonstrators:
Dynamic Trust Assessment in ECG Monitoring of Portable Devices and Complex Stationary Devices in a Hospital Setting.
Remote Patient Monitoring Intelligent System for Supporting Independent and Safe Living.
Digital Assistance Towards Enhancing the Health and Wellbeing of Patients and Carriers.
Compliant Protection of Wearable Devices for Mental Health Monitoring and Integrity of Accompanying Data.
These demonstrators represent a wide range of practical applications in the medical industry and aim to capture a broad scope of organizations where ENTRUST can provide significant added value.
Development of the conceptual architecture of the ENTRUST framework
For the development of the conceptual architecture of the ENTRUST framework, a systematic approach was followed, starting with the identification of the core requirements that need to be fulfilled in the context of the medical domain. To this end, we have considered both the needs and requirements highlighted by the aforementioned partners and the requirements outlined in existing regulations and standards concerning medical device cybersecurity. With regard to the latter, the ENTRUST consortium has focused on the Guidance on Cybersecurity for Medical Devices document provided by the Medical Device Coordination Group (MDCG), which aims to guide the enforcement of these standards and regulations and has identified some gaps and areas where additional considerations can be made.
To this end, ENTRUST is participating in a cross-project collaboration initiative for the publication of a conference paper that aims to bridge the identified gaps and provide assistance to various stakeholders throughout the entire supply chain in the operation of medical devices.
After the definition of the core requirements of ENTRUST, the conceptual architecture of ENTRUST was refined and presented in the plenary meeting that took place in June 2023.
At a high level, this architecture is split into three core phases:
The Design Phase, which includes all actions performed by the CMD Manufacturer before its deployment to the target medical organization, starting with the initial conceptualization (medical and user needs), as well as requirements assessment. It includes understanding the specific medical needs the device aims to address, its intended functionalities, the environment in which it will be deployed, and the target users.
The Pre-Deployment Phase, which includes all actions performed after the CMD is deployed to the organization before its actual operation. During this phase, a comprehensive site assessment is conducted to analyze the network capabilities and system compatibility of the organization where the device will be deployed. At the same time, there is an emphasis on ensuring that the CMD complies with both local and national healthcare regulations, including data privacy and patient safety standards. This phase also includes the secure enrollment process, where the required cryptographic material is generated to support the execution of the security enablers of ENTRUST.
The Runtime Phase, which includes all actions performed as part of the continuous monitoring of the security and operational state of the device throughout its operational lifecycle. These may include remote attestation schemes, which can attest to the correctness of a set of attributes of the device, and identify if any mitigation measures need to be taken in case of a failed attestation.
Moving forward, ENTRUST envisions the development and finalization of all components that belong to the framework, as well as the validation of the framework in the context of the aforementioned use case demonstrators to validate its operation in practical, real-world scenarios. It follows from all the above that ENTRUST constitutes a significant step forward in the domain of cybersecurity for medical devices and will provide a diverse set of research and implementation artefacts that can provide significant added value to medical enterprises and research organizations.