Cybersecurity Qlucore Diagnostics
| Reference number | |
| Coordinator | Qlucore AB (publ) |
| Funding from Vinnova | SEK 200 000 |
| Project duration | July 2023 - October 2023 |
| Status | Completed |
| Venture | Medtech4Health: Competence Enhancement in SME |
| Call | Medtech4Health: Skills enhancement in small businesses 2023 |
Important results from the project
The project´s main objective was to strengthen the software application Qlucore Diagnostics´ ability in terms of cybersecurity to (a) protect patient data by preventing data breaches and (b) guarantee patient safety by preventing an outsider from influencing the application´s results. Now, at the end of the Vinnova project, we have produced cybersecurity documentation that will be part of the technical documentation required for an approved CE marking of Qlucore Diagnostics in accordance with the IVDR regulations.
Expected long term effects
* Production of technical documentation required for an approved CE marking by Qlucore Diagnostics in accordance with the IVDR regulations. Fulfilled. * Systematic review of the software with regards to cybersecurity, especially risk and threat analysis. Fulfilled. * Hardening and protection of the software implemented. Fulfilled. * Knowledge transfer of cyber security analysis methodology from external consultants to Qlucore´s development organization. Fulfilled.
Approach and implementation
The following sub-phases were planned at the start of the project: Vulnerability and penetration tests conducted by an external, independent party. This was the single biggest cost item, as it had to be carried out by an external party with the right level of certification. This was carried out in two iterations, and resulted in the required Vulnerability and Penetration Test Report included in the technical file for reviewers. The result was, in addition to the report, that we were able to implement hardening and protection of the software in accordance with their advice and findings.