ENTRUST: Ensuring Secure & Safe Connected Medical Devices Design with Zero Trust Principles

ENTRUST sits at the forefront of digital transformation for the Healthcare domain as it moves into the next generation of Connected Medical Devices, where the expansion of connectivity and data processing capabilities and resources at the edge have revolutionized the health sector by improving outcomes, lowering healthcare costs, and enhancing patient safety. As the number of devices grows, so does the attack surface. Cyberattacks targeting healthcare organizations and their infrastructure could compromise clinical data and personal health information. This increases the already critical need for more robust medical device security and trust management, including strong authentication capabilities and device operational assurance. Towards this direction, the ENTRUST innovations not only disrupt the CMD value chain and impact all stakeholders by putting dynamic trust assessment as a new dimension of quality of a devices’ operational profile but are also a significant driver to overcome existing gaps (in current standards – MDCG 2019-16) in the security of such complex systems. ENTRUST project aims to tackle the lack of cybersecurity implementations in connected medical devices (CMDs) without limiting their applicability. Its trust management architecture holistically manages the lifecycle of CMDs, starting from formally verified design-time trust models, and risk assessment processes to secure lifecycle procedures and real-time conformity certificates based on novel runtime attestation mechanisms and distributed ledgers. The added value and effectiveness of the ENTRUST Framework will be evaluated in four real-world use cases ranging from wearable and medical devices used for remote patient monitoring to high-end stationary equipment used in hospitals and clinics.