Physical services
Overview
In the race to develop secure, AI-ready healthcare solutions, ensuring the cybersecurity of connected medical devices is critical. Through the TEF-Health network, RISE Research Institutes of Sweden—Sweden’s state-owned research and innovation partner—provides companies with access to over 130 advanced testbeds, expert consulting, and applied research expertise.
Swedish MedTech SME Kiwok Nordic AB, developer of the BodyKom/Twitrac Remote Patient Monitoring system, partnered with RISE to perform in-depth penetration testing at the Cyber Range testbed. This proactive security assessment simulated real-world cyberattacks, identifying vulnerabilities before malicious actors could exploit them, and strengthening Kiwok’s next-generation medical device as it moves toward MDR certification and AI-powered patient data analysis.
Impact
The penetration testing delivered by RISE through TEF-Health enabled Kiwok to:
Strengthen product security by addressing vulnerabilities before certification.
Reduce cybersecurity risks in wireless and firmware components.
Validate resilience of the BodyKom system against real-world threats.
The service reinforced Kiwok’s commitment to secure, reliable healthcare technology. As cyber threats evolve, continuous testing, monitoring, and updates will remain essential—proving the value of TEF-Health’s testbed services in safeguarding medical IoT devices.
Unlock Innovation with TEF-Health and Discover more Services
The Challenge
Medical devices like BodyKom collect, store, and transmit sensitive health data in real time. If not properly protected, they can be targeted by cyberattacks, risking patient safety and data integrity. For Kiwok, developing a new MDR-certified version of BodyKom with integrated AI analytics meant also meeting the highest cybersecurity standards. The challenge was to identify potential vulnerabilities in wireless communications, firmware, and data transmission—across Bluetooth, Wi-Fi, and embedded systems—before market launch.
The Solution
RISE, as a TEF-Health partner, conducted penetration testing at its Cyber Range facility. Using the same tools and methods as ethical hackers, the process simulated targeted attacks against BodyKom to uncover weaknesses. The structured approach included:
Reconnaissance – Mapping the device’s attack surface.
Scanning & Enumeration – Identifying open ports, services, and protocols.
Exploitation – Attempting to compromise the device’s functionality or data.
Post-Exploitation – Assessing depth of system infiltration and persistence.
Reporting & Remediation – Providing detailed findings and recommendations.
Testing focused on three key attack vectors:
Firmware analysis of extracted binaries
Bluetooth communication
Wi-Fi communication
This realistic, scenario-driven approach ensured that vulnerabilities were detected early, with actionable insights for remediation.
All images are © RISE and BODYKOM. They remain the intellectual property of RISE and BODYKOM and may not be used, reproduced, or distributed without prior consent.
