Red Alert Labs: Advancing Continuous Trust for Connected Medical Devices in ENTRUST
Within the ENTRUST project, Red Alert Labs (RAL) is contributing to a central ambition: making cybersecurity and trust for Connected Medical Devices (CMDs) measurable, continuous, and practicable for real-world healthcare environments.
Our work is mainly focused on three complementary areas:
1. CMD trust and risk models tailored to reality
RAL has helped build a CMD-specific security and trust profile that links medical regulations (such as MDR and MDCG 2019-16) with established cybersecurity and risk standards. This profile captures how devices are actually developed, deployed and maintained, and it provides a structured way to describe threats, controls and assurance levels throughout the device lifecycle. It serves as a backbone for several ENTRUST Key Exploitable Results (KERs) related to trust assessment and conformity.
2. From one-off assessments to continuous conformity
Traditional approaches often treat cybersecurity as a checkbox at certification time. In ENTRUST, RAL works with partners to move towards continuous conformity, where evidence can be collected, updated and reused as devices evolve. We contribute to methods and toolchains that:
- structure cybersecurity requirements and controld for CMDs,
- link them to concrete evidence and test results,
- and support repeatable "re-assessment" and "re-certification" activities over time.
This is especially important in a context of frequent software updates, new vulnerabilities and evolving regulations.
3. Connecting with guidelines, standards and the wider ecosystem
Beyond technical work, RAL is actively involved in joint publications and community events that connect ENTRUST outcomes to guidelines and future standards. Together with partner projects, we contributed to reflections on MDCG 2019-16 and IoMT cybersecurity, using ENTRUST as a concrete case study for what continuous trust and post-market surveillance could look like.
ENTRUST has also been showcased two years in a row at Forum InCyber in Lille, the largest cybersecurity event in France. From the Red Alert Labs booth, the team presented ENTRUST’s approach and early results to industrial players, healthcare stakeholders and public authorities, gathering valuable feedback on expectations and adoption barriers.
Looking ahead, the methodologies, profiles and tooling concepts developed in ENTRUST will feed into the next generation of Red Alert Labs’ own services and platforms, including the future version of CyberPass. In this way, ENTRUST does not stay purely at research level but directly shapes how cybersecurity and trust can be operationalised for connected medical devices and, ultimately, for other IoT domains.