After three years of collaborative research and innovation, the CYLCOMED project has concluded, marking a significant step forward in strengthening the cybersecurity for connected medical devices (CMDs) across European healthcare.
Launched under the Horizon Europe programme and coordinated by Charité – Universitätsmedizin Berlin, CYLCOMED brought together hospitals, research institutes, and technology providers to explore how advanced cybersecurity solutions can support—rather than disrupt—clinical operations. From the outset, Martel played a dual role in the CYLCOMED project, combining responsibility for communication, training and exploitation with the development of a key technical component of the cybersecurity framework.
A modular, AI-enabled cybersecurity toolbox
The main output of the project is the CYLCOMED Toolbox, a modular, AI-driven cybersecurity suite that integrates:
- AI-based threat detection
- Identity and access management
- Data protection mechanisms
- Automated security deployment
- Interoperability with clinical workflows
Designed for practical deployment in hospitals, telemedicine services, and emergency care settings, the Toolbox was validated in both controlled and real-world medical environments. These validations demonstrated that robust cybersecurity for connected medical devices can be embedded into healthcare systems without compromising clinical performance or usability.
Martel’s leadership in communication, training & exploitation and ecosystem building
Martel ensured coherent messaging, continuous stakeholder engagement, and strategic alignment with European priorities in digital health and healthcare cybersecurity.
Martel coordinated:
- The development of the project’s communication strategy and visual identity
- Publication workflows, social media presence, and outreach activities
- The organisation of public events and the promotion of the final CYLCOMED workshop
- Liaisons with EU-level initiatives and related project clusters
- The promotion of training activities focused on cybersecurity risks and industry standards
One highlight was CYLCOMED’s participation in the HIMSS Conference in Paris in June 2025, a major international healthcare event bringing together policymakers, clinical professionals, and technology providers. At the event, the project showcased its work within the EU Projects Pavilion and contributed to a joint co-creation workshop.
The final project workshop, titled “Cybersecurity Perspectives in EU Healthcare,” and widely promoted by Martel, brought together representatives from the Ministries of Health of Austria, Germany, and Poland, as well as the Medical Chamber of Slovenia. The workshop facilitated exchanges on improving cybersecurity for medical devices and highlighted the need for coordinated European action in protecting digital healthcare infrastructures.
C-OPA: Martel’s policy-based access-control engine for medical data security
Beyond its communication and ecosystem-building role, Martel led the design and implementation of C-OPA, a core component of the CYLCOMED Toolbox, through the work of our Lab.
C-OPA provides fine-grained, policy-based control over access to APIs, ensuring that only authorised requests can interact with sensitive functionalities. The solution is built around two components: a Policy Enforcement Point, acting as a proxy in front of the protected API, and a Policy Agent, which evaluates each intercepted request against predefined access policies.
Within CYLCOMED, this setup protects the FE4MED encryption and decryption service by allowing access only when a valid authentication token is presented by an authorised clinical user or system.
Developed over approximately one year, C-OPA builds on widely used open-source technologies that Martel customised to meet the project’s clinical and technical requirements. This work included the core system setup, the development of a dedicated policy editor and storage layer, integration into one of the project pilots, and the definition of access-control policies tailored to specific healthcare use cases.
Thanks to its flexibility, C-OPA is well suited for future use in eHealth and other domains requiring robust, fine-grained access control. Martel is also exploring how language models could support more user-friendly and partially automated policy authoring, while maintaining human oversight to ensure accuracy, safety, and regulatory compliance.
Through the CYLCOMED project, Martel has demonstrated its ability to combine strategic communication and ecosystem building with hands-on technical expertise, delivering secure, scalable, and clinically relevant digital-health solutions that contribute to a more resilient European healthcare ecosystem.
