Please use this identifier to cite or link to this item:

MedDevRisk: Risk Analysis Methodology for Networked Medical Devices

File Size Format  
paper0415.pdf 925.05 kB Adobe PDF View/Open

Item Summary

Title:MedDevRisk: Risk Analysis Methodology for Networked Medical Devices
Authors:Seale, Katherine
McDonald, Jeffrey
Glisson, William
Pardue, Harold
Jacobs, Michael
Keywords:Security and Privacy Challenges for Healthcare
Risk assessment, medical devices, health IT, vulnerabilities, threats
Date Issued:03 Jan 2018
Abstract:The prolific integration of technology into medical environments is continuously generating new attack vectors. This continuous amalgamation of technology into the medical field prompted the idea that risk assessment models can be utilized to identify cyber security vulnerabilities in medical settings. This research presents an initial investigation into the application of risk assessment frame works, i.e., STRIDE, Common Vulnerabilities and Exposures, and a Common Vulnerability Scoring System to identified networked medical devices that are currently employed in an operational medical simulation lab. The contribution of this research is twofold and culminates in a novel proof-of-concept system known as MedDevRisk. First, it demonstrates an approach to incorporating existing threat models into a relational database schema based on Threat-Vulnerability-Asset (TVA) relationships. Second, it provides an initial empirical analysis of the risk associated with networked medical devices along with providing the foundation for future research.
Pages/Duration:10 pages
Rights:Attribution-NonCommercial-NoDerivatives 4.0 International
Appears in Collections: Security and Privacy Challenges for Healthcare

Please email if you need this content in ADA-compliant format.

This item is licensed under a Creative Commons License Creative Commons