If you are a hospital or clinic struggling to keep track of which medical devices are vulnerable to cyberattacks — HEIR developed a Risk Assessment of Medical Applications (RAMA) scoring system that measures the security status of every connected device and gives you a clear vulnerability picture. The platform was tested in real-life industrial demonstrations across a consortium of 18 partners in 10 countries, reaching TRL7 readiness.
Cybersecurity Scoring and Threat Detection Platform for Hospitals and Medical Devices
Hospitals are getting hacked more than ever — outdated software, weak passwords, and unencrypted medical devices make them easy targets. HEIR built a security scoring system (think credit score, but for how safe your hospital's IT really is) that watches for threats in real time and benchmarks every connected medical device against known risks. It also created a shared observatory so hospitals across Europe can see what attacks are hitting others and prepare before those attacks reach them. The whole thing was tested in real hospital environments and reached a point where it's ready for deployment.
What needed solving
Hospitals and medical centres are among the most vulnerable targets for cyberattacks, with electronic medical devices plagued by weak authentication, unencrypted traffic, and outdated software. Most healthcare organizations have no standardized way to measure or compare the security status of their connected devices, leaving them blind to where their biggest risks actually sit.
What was built
HEIR delivered a complete cybersecurity platform for healthcare including: a real-time threat hunting engine powered by machine learning, the RAMA (Risk Assessment of Medical Applications) scoring system that benchmarks every medical device's security, a privacy-aware data sharing layer, and a European Observatory for electronic medical device security. The project produced 9 demonstration deliverables, progressed from MVP to final integrated prototype, and completed real-life industrial demonstrations at TRL7.
Who needs this
Who can put this to work
If you are a medical device maker facing growing regulatory pressure around cybersecurity — HEIR built a benchmarking observatory that scores devices against OWASP Top 10 and ENISA Top 15 threat lists. This gives you a concrete way to prove your devices meet security standards before they reach the market, backed by machine learning-powered threat detection validated in real clinical environments.
If you are a cybersecurity firm looking to expand into the healthcare vertical — HEIR created an integrated threat hunting and visualization platform specifically designed for electronic medical devices, with real-time detection capabilities and a global benchmark database. The solution was developed with 9 industry partners and delivered a final integrated prototype with best practices for long-term operation.
Quick answers
What would it cost to implement this in our hospital or integrate it into our product?
The project had a total EU contribution of EUR 4,999,975 across 18 partners over 3 years. Specific licensing or per-unit pricing for the HEIR platform is not disclosed in the project data. You would need to contact the consortium to discuss commercial terms for deployment or licensing.
Can this scale to a large hospital network with thousands of connected devices?
HEIR was designed to operate at both local (single hospital) and global (multi-site) levels, with layered services that aggregate security data across different medical centres. The final demonstrations were run in real-life industrial settings. The architecture supports benchmarking across multiple facilities using the RAMA scoring system.
Who owns the intellectual property and how can we license it?
The project was coordinated by Institut Mines-Telecom (France) with 18 consortium partners across 10 countries. IP is likely shared among partners according to their EU grant agreement. Contact the coordinator for specific licensing arrangements for the RAMA scoring engine, threat detection modules, or the observatory platform.
Does this meet current healthcare cybersecurity regulations like NIS2 or MDR?
HEIR explicitly aimed to establish good security practice across regulatory contexts and reduce market access barriers. The threat detection aligns with OWASP Top 10 and ENISA Top 15 methodologies. Based on available project data, specific NIS2 or MDR certification was not mentioned, but the deliverables include best practices for long-term framework operation.
How long would deployment take in an existing hospital IT environment?
The project delivered a Minimum Viable Product at month 12, an intermediate integrated prototype at month 18, and a final version at month 30. This suggests a phased deployment approach is possible. The best practices deliverable (TRL7) provides guidance for maintaining and operating the system long-term, including software updates.
Can this integrate with our existing hospital information systems and SIEM tools?
HEIR includes a client-side component (HEIR Client), aggregator nodes, and visualization tools designed to work within hospital IT environments. The layered architecture separates local monitoring from global benchmarking. Based on available project data, specific integration protocols with third-party SIEM systems are not detailed but the modular design suggests adaptability.
Is there ongoing support or has development stopped since the project ended?
The project closed in August 2023. A dedicated deliverable on best practices for long-term maintenance and operation was produced. Whether consortium partners continue to offer commercial support or updates would need to be confirmed directly with Institut Mines-Telecom or the industry partners involved.
Who built it
This is a large, well-balanced consortium of 18 partners across 10 European countries (plus Israel and Switzerland), with a strong 50% industry ratio — 9 industry partners alongside 3 universities and 3 research organizations. The EUR 4,999,975 budget signals serious EU investment. Having 3 SMEs in the mix suggests commercial exploitation was planned from the start. The coordinator, Institut Mines-Telecom, is one of France's top engineering schools with strong industry ties. For a business considering this technology, the breadth of the consortium means the solution has been stress-tested across different healthcare IT environments, regulatory contexts, and organizational sizes — reducing your adoption risk considerably.
- INSTITUT MINES-TELECOM · Coordinator · FR
- BITDEFENDER SRL · participant · RO
- PANEPISTIMIAKO GENIKO NOSOKOMEIO IRAKLEIOU · participant · EL
- SIEMENS SRL · participant · RO
- IDRYMA TECHNOLOGIAS KAI EREVNAS · participant · EL
- STELAR SECURITY TECHNOLOGY LAW RESEARCH UG (HAFTUNGSBESCHRANKT) GMBH · participant · DE
- UNIVERSITEIT MAASTRICHT · participant · NL
- DIAGNOSTIKON KAI THERAPEFTIKON KENTRON ATHINON YGEIA ANONYMOS ETAIREIA · participant · EL
- WELLICS LTD · participant · UK
- CROYDON HEALTH SERVICES NATIONAL HEALTH SERVICE TRUST · participant · UK
- AEGIS IT RESEARCH GMBH · participant · DE
- IOTAM INTERNET OF THINGS APPLICATIONS AND MULTI LAYER DEVELOPMENT LTD · participant · CY
- SPHYNX TECHNOLOGY SOLUTIONS AG · participant · CH
- IBM ISRAEL - SCIENCE AND TECHNOLOGY LTD · participant · IL
- UNIVERSITETSSYKEHUSET NORD-NORGE HF · participant · NO
- TECHNISCHE UNIVERSITEIT DELFT · participant · NL
Institut Mines-Telecom (France) — a leading French engineering and technology institution. Reach their technology transfer office for licensing inquiries.